BTW just to confirm/clarify, we don't
ever actually store any payment card details ourselves on our own servers, any payment card details that
are stored are stored with our payment provider, Stripe (see:
https://stripe.com/ ), which is a regulated payment provider. For cards details that have previously been stored with Stripe via the 2000 AD web shop, we just reference these for payment via a secure "token", but we never actually see the card details ourselves.
I know this doesn't address the current issue of not always displaying the amount to be charged before asking for card details, but thought you might like to know that we don't actually hold card details ourselves.