I have no experience with these people and never heard of them, but I am guessing that the CC information is needed because they are giving you root access to their server. From a purely legal and business point of view, it seems to make sense.
What if someone registers for more than one vps (or dozens with the help of proxies and gmail account) and runs illegal activity like spamming or DDOSing some other site? These are all plausible scenario and having valid CC number is the most reasonable thing to do.
What if someone registers for more than one vps (or dozens with the help of proxies and gmail account) and runs illegal activity like spamming or DDOSing some other site? These are all plausible scenario and having valid CC number is the most reasonable thing to do.