[trothamel]

It actually is a feature, though.

Having to go and update your recurring billing because your card changed (the expiration date passed, or your credentials leaked and a new number has to be issued) would be a huge pain in the ass.

I'd hope there are some controls here - in the case of a compromise, that only accounts that existed before the compromise occurred will be updated. But it strikes me that something that does the right thing 99% of the time should be welcomed.

[dogma1138]

It only updates the expiration date upon automatic renewal by the issuer and after an update a CVV2 reconfirmation is required (unless it’s a recurring transaction, saved account details and recurring transactions are different beasts) since the CVV2 has also been rotated.

Change of PAN due to a new card being issued whether it’s on the request of the costumer, lost or compromised card should not auto-update.

[drb91]

> Having to go and update your recurring billing because your card changed (the expiration date passed, or your credentials leaked and a new number has to be issued) would be a huge pain in the ass

I can’t say I agree. What’s a huge pain in the ass is cancelling services, and now you have to cancel your entire credit account to know that your outstanding charges are canceled. That’s highly inconvenient.