The problem is actually in the payment system itself. A credit card number + expiry + ccv + name is essentially like giving out a username + password to your money. We hand out the same username / password to everybody and everything works on the honor system after that. At any given time there are likely hundreds of companies that have your username/password and can charge whatever they want at any time. If anything looks fishy, is up to you to investigate and get charges reversed.
Instead, I should be able to seamlessly create new credentials per vendor with expiration and limits. I should also be able to stop payment at any time.
replies(2):