Umh, no, thanks. I never store my CC info on dd services.

That's not how security works. Trust but verify :-P

What API are you using?

You're not storing the CC info.

You are correct. It isn't about having 100% safety.

It's really about managing risk. That's what we talking about..

And the risk really isn't any greater... on one had your risk having your card number stolen that can be used anywhere and on the other hand you risk having a token stolen that can be used on GOG only, while card number is still perfectly safe. I know which of the two I would prefer to happen if it ever did happen.

While the unique encrypted token that can only be used here part is nice, no thank you. But as long as it's entirely optional, I guess it's a good thing for those who want it.

No comment about the... business-apologists here, because... Blah.

The OP does seem to hint towards a sale soon though, so that's more interesting.

"We hope the feature turns out to be particularly useful soon, when you may just feel compelled to click really, really fast."
Guys, i think the blue's are hinting at something really nice that a lot of people here talk about,and wallets shiver and it usually happens at this time of May, sooooo.... ;).Cheers.

Not for me, I use PP already to manage that in-between layer. But some people will welcome it.

If you're teasing an Insomnia sale, please don't make it next week. That's about the only week for the foreseeable future during which I wouldn't be able to really participate in it. Though maybe that's a good thing.

I remember seeing some users ask for this in the past, so they should be happy. It may also be useful if there are ever any Insomnia or Limited Quantity sales in the future, making it quicker to check out before the number of games runs out.. Me on the other hand, I think I will just stick to entering payment details the old fashioned way. Thanks GOG!

Don't worry, the first game will be Jack Keane, everything will still be there the week after.

I consider it a highe risk - I still have to enter a card number just like before (because I will not "store" it - regardless if it's a unique token or what-have-you) - only now there is a mechanism that didn't exist before that could get hacked.

But as I've mentioned a few times - a virtual card number will be my protection (assuming it works here - we'll find out probably not too long). Virtual numbers can be locked to specific dollar amounts, expiration dates, and vendors. So I could set one up for GOG that expires in a month and is good for $50. If that got "hacked" the damage is minimal. I use them on Amazon, etc. Anyplace that allows "storing" payment info. It's good protection.

There is exactly one place on the whole internet that I allow to store my card # - Paypal. Not that I think they are unhackable, but at least they have presence in my country, if it came to worst I wouldn't have to travel to another country to resolve disputes. And securely storing sensitive information is their core business, unlike stores like GOG where it is just means to an end. Paired with tight limit on amount of daily internet purchases enforced by bank, I could loose some money in case of hack, but nowhere near devastating amount.

I admit the token-based approach is much more secure than storing CC info, it sounds like the same principle as behind OAuth2 tokens. Interesting, this is the first time I heard that it is available in monetary context, and indeed it is safe as f*** against hackers. I quite like it from security standpoint, it was high time that something like this became available. Still, it gives GOG unrestricted access to my money account, to be used as they see fit, and I have to trust that they won't use it, except on my command. I still like the two actors model better. I keep logged on permanently on gog, so if nothing else, having to enter Paypal password serves as a reminder that stuff is about to get serious now (as serious as games can be, that is).

As for the "clicking fast" part... my gog library is pretty much complete. I have close to 90 items on my wishlist^W"list of stuff I'd be mildly interested in, pending research and/or good enough discount". Not giving me enough time to decide is the best way to make them stay on that list.

Blessed Jack, ineffable are His ways, unknowable is His purpose!

And if that makes you feel safer than so be it. People should do what makes them feel safe. That doesn't mean we need to spread paranoia about such things. That's all I'm saying. Have a good day. :)

thanks, but I'll never use this "feature" ;)