Having to go and update your recurring billing because your card changed (the expiration date passed, or your credentials leaked and a new number has to be issued) would be a huge pain in the ass.
I'd hope there are some controls here - in the case of a compromise, that only accounts that existed before the compromise occurred will be updated. But it strikes me that something that does the right thing 99% of the time should be welcomed.
It only updates the expiration date upon automatic renewal by the issuer and after an update a CVV2 reconfirmation is required (unless it’s a recurring transaction, saved account details and recurring transactions are different beasts) since the CVV2 has also been rotated.
Change of PAN due to a new card being issued whether it’s on the request of the costumer, lost or compromised card should not auto-update.
> Having to go and update your recurring billing because your card changed (the expiration date passed, or your credentials leaked and a new number has to be issued) would be a huge pain in the ass
I can’t say I agree. What’s a huge pain in the ass is cancelling services, and now you have to cancel your entire credit account to know that your outstanding charges are canceled. That’s highly inconvenient.
Having to go and update your recurring billing because your card changed (the expiration date passed, or your credentials leaked and a new number has to be issued) would be a huge pain in the ass.
I'd hope there are some controls here - in the case of a compromise, that only accounts that existed before the compromise occurred will be updated. But it strikes me that something that does the right thing 99% of the time should be welcomed.