It’s not hard at all to get a new credit card. Report it lost and get a new one. In the US I’ve never seen a bank charge for it, and several times have simply gotten a new one sent to me unprompted because the bank had been informed the card was compromised. Sure it’s not the same as creating a new gmail account, but it’s still incredibly easy.
Also, banning credit card numbers is going to be problematic... most smaller operations are not (and should not) be handling their own payment processing and should never have access to card info. Even if you do and you hash it to match against, that’s iffy from a security perspective and would likely run afoul of any decent PCI auditor.
Yep. You can either write code for it or use Radar to block the charge by fingerprint (write a rule once in your Stripe dashboard to block cards on a blocklist, add a fingerprint to the list when you identify an abusive customer, done). This lets you block a card without ever contaminating yourself with knowledge of its number (we expose the fingerprint in a variety of places to you, like API responses or on the charge detail page in the Dashboard).
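An added illustration of the "write code for it" option, not part of the comment above and not Stripe's own code: refunds are counted per processor-issued fingerprint, and a card is blocked once it passes a limit, without the merchant ever seeing a card number. The charge dictionaries are constructed, the field path `payment_method_details.card.fingerprint` and the refund limit are assumptions, and all class and function names are hypothetical.

```python
from collections import Counter

REFUND_LIMIT = 2  # hypothetical policy: block a card after this many refunds


class FingerprintBlocklist:
    """Tracks refunds and blocks by fingerprint; never stores a card number."""

    def __init__(self, refund_limit=REFUND_LIMIT):
        self.refund_limit = refund_limit
        self.refunds = Counter()
        self.blocked = set()

    @staticmethod
    def fingerprint_of(charge):
        """Return the processor-issued fingerprint, or None if absent."""
        # Assumed field path on the charge object returned by the processor.
        card = (charge.get("payment_method_details") or {}).get("card") or {}
        return card.get("fingerprint")

    def record_refund(self, charge):
        """Count a refund; return True if the card is now blocked."""
        fp = self.fingerprint_of(charge)
        if fp is None:
            return False
        self.refunds[fp] += 1
        if self.refunds[fp] >= self.refund_limit:
            self.blocked.add(fp)
        return fp in self.blocked

    def allow(self, charge):
        """Return False only for a card whose fingerprint is blocked."""
        fp = self.fingerprint_of(charge)
        # No fingerprint (for example a non-card payment): no opinion here.
        return fp is None or fp not in self.blocked


def make_charge(fingerprint):
    """Constructed sample charge; the fingerprint values are made up."""
    return {"payment_method_details": {"card": {"fingerprint": fingerprint}}}


def demo():
    bl = FingerprintBlocklist()
    same_card = make_charge("fp_constructed_AAAA")
    bl.record_refund(same_card)
    bl.record_refund(same_card)  # second refund reaches the limit
    reissued = make_charge("fp_constructed_BBBB")  # new number, new fingerprint
    return bl.allow(same_card), bl.allow(reissued)
```

The second value returned by `demo()` shows the limit this approach has: a replacement or virtual card number arrives with a different fingerprint and is not matched by the list.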
Apart from the obvious benefit of not storing the credit card yourself, I imagine if a user switches cards, the number changes and we are back to the same.
You can actually get new credit card numbers generated super easy. There are services that will give you a unique credit card number to use at every online retailer to limit your risk of theft.
I used to use Paypal’s digital card service before they discontinued it. I’m surprised this isn’t more popular in the US, it’s in the bank’s interest to help you limit everyone’s risk.
It's not really hard but it certainly is an inconvenience, especially if you're going to rip off a video game dev. It would take a lot of dedication and resources to exploit OP's policy, and pretty much no one would do it is the point.
I would also think that in cases like this you’re dealing with an indie dev who you’re never going to purchase something from again anyway. Steam would never have a refund policy like this, so the issue becomes moot.
Privacy cards allow you to generate new cards whenever you want, even pause or 'destroy' them whenever you need. A merchant can block the cards that come from that service though. Merchants such as Supreme NY, but Privacy has claimed they have found a way around that.
If the trial takes PayPal you can also reject authorization for automatic payments in PayPal.
Just be aware that blocking the payment doesn't necessarily cancel the service, so you can end up in collections if you don't cancel in rare cases (like if you signed a term contract).