Why? was it relevant?... :P

I assumed itti's post was the OP for some reason...

No, it is not.

What are you going to post about next, that they invade your privacy by using Google Analytics to keep track of users and their navigational / clicking habits?

They keep transaction history somewhere, including the four last digits of your cc (if you paid by card).

They do not keep full card data that would allow for one-click purchases (unlike, say, Amazon).

If your GOG account is hacked, the hacker won't be able to even buy you some more GOG games for the lulz using your funds, not to mention steal card data and buy something for himself.

If all of GOG is hacked (worst case scenario), you'll see some service interruption as a user and possibly users' real names would leak (along with account emails and paypal emails). E.g. if the data shows that the majority of games on my account were purchased by someone named Emma Walters (sneaked a Resonance reference, ha!), that is likely to be my (or my mom's) name. But, again, no data that could be used to make an unauthorized payment using your money.

Note that you don't need to provide address etc when paying by card, but Paypal does require the address. Paypal has its own transaction history, which I bet is more detailed and juicy. I am not aware if it provides the expanded data to sellers.

Valve should probably mention somewhere that GoldSrc keys are too old to be used. The problem with those keys is that Valve didn't handle them. They were issued by the respective publishers for different regions -- and at times were recycled, so that the same number was used in more than one region.

It's part of the reason why adding GoldSrc keys to Steam unlocks near all of the GoldSrc games, as they haven't a clue which specific game it was actually for.

They pass payment information to the appropriate financial institution in order to receive payments. They don't keep a copy of the information that they pass along, but still have access to financial records when the need arises. I don't know how much of your credit card info is visible from the records the back gives you but it's probably enough to match a name and 4 digits.

1. Take a credit card (preferably yours).
2. Go to a brick-and-mortar store, preferably one where you sign slips instead of typing your PIN.
3. Buy something.
4. Pay with a card.
5. Read the slip. That's the info GOG receives when you buy a game.
6. Sign the slip and hand it back to the cashier like you're supposed to do.

GOG is not a payment provider. They are a store. They do not ever obtain knowledge of your CC numbers. GOG's payment provider (the acquiring bank) does, of course, because they need the info to actually bill you. Then they send GOG an e-slip.

Some stores do indeed keep card data, even in employee-readable form. A cashier in a physical store can memorize your card number, and if you hand your card to a waiter in a restaurant, they have all the time in the world to help themselves to your money. GOG's payment system is the safest that can exist:

GOG > Amazon/Paypal > plaintext > physical store > restaurant

GOG truly is number one in this world.

I have to agree with you here, mostly. Unfortunately, the last 4 digits of a CC are really the most important ones. Most of the rest of them aren't random at all. The first digit will depend upon what type of card it is, When they start with a 5 that's a mastercard and there'll be information about which bank issued it as it's how they ensure that the numbers aren't duplicated.

Sames goes for MAC addresses and SSNs as well if you're interested. Those right most digits are disproportionately more valuable than the left most ones as those are easier to guess if need be.

That being said, it would still take more information and randomly guessing at it would lead to the account being frozen before one is likely to succeed in brute forcing it.

i just changed my mail address back & forth using the in client option- change email address
it took about 20 mins......

it's not about the issue of changing emails, it's about the support you get when something goes wrong while changing emails.

I was mislead by your wording. To be more clear you should have said digits instead of numbers as I was thinking about the last four complete cc numbers used.

Thank you all for the clarifications and sorry for derailing from the main scope of this topic. Though, at least for me, it was informative.