[feldon30]

I think the problem is people want convenience.

They expect when they go back to a website to be able to re-order without re-entering credit card details. And people are notoriously bad about record-keeping when it comes to buying software online. They want to be able to re-download it if they have a crash, even though they don't print anything or maintain any backup or proof that they purchased it. The last few digits of the credit card can be used to confirm that someone in-fact bought the product.

I don't think websites keep credit card information on file for their health. It is because customers expect certain things

If Microsoft weren't such an overbearing ogre in the marketplace, their MSN/Microsoft Wallet/Passport/Microsoft Live system might have taken off, where you put all your credit card details into your Passport account and then just pay with that. For now, there's the equally morally questionable Paypal.