1) You can use cookies without being anti-privacy, pro-data selling. 2) Why do you need cookies to operate a secure payment system?

At it's core, a payment system is a form. Yes, many bells and whistles around that form are powered by cookies/local storage, but they aren't necessary.