Online shopping has become one of ways for shopping, where credit card payments account a large proportion, as the physical credit card transaction move to the internet, here comes the problem, we can’t confirm the cardholder’s identity through the signature on the internet, so online stores ask the consumer to enter their personal information to check cardholder’s identity from bank. Today it has become the norm that the online stores ask the cardholder’s personal information, but it causes a serious problem, when online stores have all the cardholder's information, they have the ability to use the cardholder's credit card to pay, and the bank have no way to find out who is the real cardholder. Therefore, this study start from the point where online stores have too much personal information, analyze what risk may happen to the consumer, online store, and bank under this situation, we also test on different online stores to realize how many personal information they get, and divide these online stores into three categories according to the amount of personal information they have, and then discuss the safety of these three categories of online stores when they are dealing with attack from online store, consumer, and bank. After the related work and discussion, we propose three security credit card mechanism corresponding to the amount of personal information the online store have, first is public key credit cart mechanism for situation where online store have rare information, second is verification code credit card mechanism for situation where online store have some information, third is dynamic credit card information verification mechanism for situation where online store have all information, and then analyze the safety of different mechanism we proposed, comparing the difference between our mechanism and existing mechanism in security, consumer privacy, and operation convenience, at the end of this study we describe some potential drawbacks of our mechanism.