It’s only visible to the buyer and the card company to process the transaction.

Everything in between is encrypted.

If they did use that card information without authorization, they could face legal consequences. Or at the very least, no financial service company would want to process card transactions for them.

Companies like repeat business. Ripping someone off is a good way to not get them to ever return. Same idea as why drug dealers usually don’t rip you off; they want you to keep coming back to give them more money.

If you’re asking why individual workers don’t steal the numbers, usually at places like that everything that shows up on their computer screen is recorded and when fraudulent charges show up on a customers credit card, it’s easy to see who looked at the numbers, if they are even able to look at the numbers. There is almost nothing you can get with credit card numbers that’s worth going to jail or losing a good job that would pay you more than you can steal.

Oh they totally can

But any reputable business won’t because credit scamming and theft is a serious crime and the fallout and legal consequences of that would topple the business.

In addition to the lawsuits and fines, committing credit card fraud on that kinda of scale would prevent any bank or credit card company from ever wanting to do business with you again.

Big companies spend a fortune on security to prevent these sorts of things from happening for exactly that reason.

You can read up on PCI compliance. On most sites you are entering your card information in fields that are directly tied to the merchant processor. The seller doesn’t have access to your card data. When you submit the order the card information is sent, encrypted, to the processor who sends a message back to the seller that the payment is approved and they can fulfill the order. In the case that you had to speak to someone and they type your number in its very similar but to avoid even having to do that the seller pays a much higher processing fee for the transaction. As mentioned, there are some very big penalties for missing card date including being banned from accepting any cards at all.

They could but it would be super obvious if everyone who ever used Amazon suddenly got their bank accounts emptied

Per your agreement with the Merchant Card services provider (The Bank) you (as the seller) must comply with digital audit procedures to ensure the customer card data is secure otherwise your services will be cancelled. If you try going over to a new provider you’ll either be refused service by them or charged higher initial rates until you’ve complied with the audit of your digital environment. So could you imagine Amazon or eBay losing the ability to take VISA and Mastercard payments at all – they would be broke overnight.

The use of online OTP (One Time PIN – sent to your phone) is ever increasing.

Also any fraudulent transactions or other chargebacks will be taken directly off your (the sellers) account and after too many such requests your merchant status will be suspended and investigated.

Many smaller sellers forego handling customer card details at all and the payments are routed via an addon to a payment processor. So although you are on XYZ website when you get to the payment screen that part of the form is directly connected to the payment processor not to XYZ. So no-one at XYZ ever has access to your card details.

They totally can, but if they they do it no one else will buy there anymore so there’s more incentive to be honest. Plus, people would go to jail.

Because, as it turns out, committing felonies and stealing from one’s customers is actually really bad for business.