I know US banks have "virtual credit cards", but it's not something every bank implements. I use PayPal to get some protection - because no bank provides protection in this, or any nearby country.
And hey, we are topping up our accounts.
There is absolutely no need to store card details!
All I am saying is that LiquidSky should protect itself, and either make the payments one-time-only, or let people remove the payment details. Most sites that store Paypal details prompt you to enter your Paypal details AGAIN before making a new purchase.
Here? You can spend ALL the money you have. All it takes is a few minutes (2-3?), and some malicious user.
But if someone has physical access to your computer...
You don't need that. It's linked to your account. If anyone steals/knows your Google password, poof, you are done. Anyone steals/snoops your cookie? Done, over. And so on, and so on.
This should not have been implemented, ever.
WITH ALL THAT SAID.
The solution: Disable saving payment details. Make them a "one-time-only" payment for adding credits.
Yes, if someone has a Gamer plan (or whatever it will be in the next version), then you can make that a Paypal subscription. That way the user can cancel, AND PayPal will ONLY deduct the monthly fee.