The questions that need to be asked.
Did the owner of the device, and card, enter the card details into said device for storage, and then fail to implement any form of security around those details to prevent misuse?
Did the device/card owner willingly give the device, with stored details, to their child and let them use it unsupervised?
Does the device owner prefer to have an electronic baby sitter for their child, rather than spending time with them and taking an interest in their childs activities?
Do the T&C's of said device make the device owner aware of how the details are stored, and how they can be used?
Problem Source: Parents.
Problem Destination: Anyone but the parents.
Car Analogy: Parent gives the car keys to a child so they can sit in the car and play at driving. Child stars car and drives it into the wall, causing damage. Parents blame car manufacturer.