Re: Security is hard
This hits the nail on the head. Unfortunately, the vast majority of people are lazy about security. And even if you're not being lazy, how many people actually double-check the URL of a link before clicking on it? How many people check the SSL certificate on their email provider when it changes? How many people check the issuing CA on a certificate before deciding to trust it?
I suspect that even if you tried to block people from entering card details (i.e. recognisable patterns of information corresponding to a card), the workarounds employed by bad actors wouldn't deter people. In fact, the workarounds would probably be dressed up as being *extra* security to encourage people to trust the site...
This is an issue of human behaviour, a subconscious desire to conform, and a generally irrational desire to complete something once we've decided to do it. Especially when it's a really good deal and somebody else might beat us to it - quick - buy buy buy.
The simple fact is that people want to enter their card details and complete their purchase :(
Biting the hand that feeds IT
