In reply to Ken Lewis:
> It boggles me that they do. Leave it to the banks.
Online and remote payment really seems quite badly designed. The "secret" number on the back of your card - read out to someone you don't know over the phone. The number of shops taking telephone orders who write down your card details and postcode incase the card machine fails.
The secured by VISA feature on some websites is an improvement, but look at how paying by Paypal works. You chose this method and the website sends a code to Paypal, Paypal does the authorisation, Paypal then sends a code back to the original website also confirming your address.
Now I know Paypal isn't infallible but the method is much more sensible. The authorisation is between you and your bank(or equivalent).
Same with direct debit set-up. Why should I have to provide my bank details, surely they should be supplying me with their bank details and an interface to my bank to confirm I want to pay them.