I think the barrier is that credit cards are pull and not push so people are hesitant to hand the capacity to pull over to very small operations which are often overseas and might be dodgy (or get hacked for that matter). Imagine if you made a purchase on a site and it gave you a string to then cut-and-paste into your e-banking (or you give them your ebank "email" and then you get an SMS confirm notice, which is closer to pull while still having that push feeling of control). Although, I am a little hesitant about SMS and banking now, having had to try to do some banking overseas and not being able to get the SMS confirm from a bank on a push (domestic paying of rent) operation.