More often that not, what you have to store is determined by your payment processor and so you usually have very little say in the matter. When you do, the general rule for security is to only store what you absolutely have to. The less information you store, the lower your security risk, and the less information customers have to enter (in general) the better your conversion rates.
So if you don't need the name, or it provides no additional benefit from you provider, then don't require it. However, I know of at least one case where requiring more information on a form resulted in a better conversion (although this wasn't for payment details). So, as always, you should test this hypothesis with your customers.
As an aside, I prefer to always use a payment provider that stores any information that is needed. That way I don't have to deal with any of the legal compliance issues and the accompanying liability.
Answer from JohnGB on Stack Exchangei’ve been trying to purchase something using debit card but almost all the app i use need a card holder name where can i find it? Much thanks in advance
online payment - Credit card with no card holder names on it - Personal Finance & Money Stack Exchange
banking - The last letter of my name is missing on my bank account information, should I keep trying to fix it? - Personal Finance & Money Stack Exchange
Been trying to use my debit for online purchases but it has no holder name on the card where can i find?
What to put for "Cardholder name"
What Is a Cardholder Name?
What should I do if my cardholder name is incorrect?
Can my cardholder name be different from my legal name?
Videos
More often that not, what you have to store is determined by your payment processor and so you usually have very little say in the matter. When you do, the general rule for security is to only store what you absolutely have to. The less information you store, the lower your security risk, and the less information customers have to enter (in general) the better your conversion rates.
So if you don't need the name, or it provides no additional benefit from you provider, then don't require it. However, I know of at least one case where requiring more information on a form resulted in a better conversion (although this wasn't for payment details). So, as always, you should test this hypothesis with your customers.
As an aside, I prefer to always use a payment provider that stores any information that is needed. That way I don't have to deal with any of the legal compliance issues and the accompanying liability.
A few things things to consider:
Having the name can help with sorting out some kinds of credit card fraud offline. You can usually call the card issuer directly and validate that the name, card number and address match for example.
Some folk use the name as a way to filter out some kinds of pre-payment credit cards (like visa gift cards) that don't have a name. There are better ways of doing this - but it's a way.
You sometimes need the cardholder name for other parts of the system (e.g. receipts)
Abine has a product for iOS and Android (and desktop), now called called Blur, that provides credit card masking (alias credit card numbers), along with other privacy services. It's subscription-based. I've used it successfully for a number of transactions over the past year or so. To the merchant, you supply any name, Abine's address, and the specific masked credit card number and code. You can create any number of masked cards with different credit amounts, and the charges show up on your real card statement as "Abine, Inc.".
Does not a reloadable card purchased from a store meet your requirements?
Note, however, that my memory is that if you buy such a card in the US it can't be used outside the US--to keep it from being used to take money out of the country.
Is it normal to have the personal information cropped? I'm not sure whether the limit on characters is a real thing, but every time I go to ask for a change I get the same answer.
It is and it is. In the older systems in the banking world (those based on the good old IBM Mainframe systems) there was definitely a limited pre-allocated space for names, which was shorter than names are in many cultures (not just Mexican, long names exist in some European countries, India, Middle East). So the names are cropped or abbreviated.
On credit/debit cards the name is embossed/printed on the card, where the space is physically restricted, and is also encoded in the magnetic stripe and the chip, where the space is also limited, so there you have space constraints as well.
You can consider abbreviating middle names, if it is possible, otherwise... You're stuck with the limitations of the system. If the name is not misspelled, just the last character is missing, then you can provide the same explanation if anyone asks.
That said, 21 characters is not a lot. For payment cards, the name field is up to 26 characters, including spaces (see ISO/IEC 7813). But if there are separate fields for first and last names in the bank's system, it may be split 10/16 for example, or something similar.
This is a partial answer, addressing some practical concerns you may have. I work for a payment processing company in Europe, but I believe online payments standards are very similar throughout the Western world.
I would generally just follow directions like "please input your name as it appears on your card" literally - write exactly what is printed.
Modern online payment systems use a probability-based system for identifying the cardholder. It would be unlikely that an automated system would reject a payment because of one missing character in a middle name (so unlikely that I'd consider such a system misconfigured). Typically you can completely omit the middle names without issue, or abbreviate your first name (e.g. Alexander to Alex).
It is possible that the transaction would be flagged for some sort of extra review, but this would normally be invisible to you unless it lead to your bank automatically requesting confirmation of the transaction. Large or unusual transactions are more likely to be investigated. This wouldn't have any impact on you beyond the call/message/app notification you get asking you to confirm the transaction.