An SSO-like payment system with tracking and revocation is a great idea and would be amazing for us consumers. I'm just not holding my breath waiting for the corpos to implement it.
While nowhere near perfect (far from it, really), as long as the sites you are shopping on are PCI-compliant (most should be), you don't have to worry too much about a compromised site leaking your payment details for use elsewhere.
Basically just use a password manager and don't worry about saving credit card (NOT debit card) details in the site as long as they aren't extra-sketchy.
You guys are finishing games?