I agree, but that's saying because credit card suck in way X, they should suck in way Y as well to accommodate. Stolen credit card information shouldn't be a thing, and people shouldn't be passing security critical 20+4 digit codes around (think oauth).