by nimbius 2729 days ago
Aliexpress has a good hat-trick for it. If you're resetting your password, or authentication, then all stored credit card data is wiped from your account.

That's brilliant. You could even hide other data (shipping addresses, purchase history, etc.) until valid payment information is re-entered, or until the next successful purchase.
To generalize the idea: as long as anyone can create a new account, then the value of a new account is zero. The value of the lost account is the value of the differences between it and a new account. The recovery cost should be directly proportional to the value of the account. Aliexpress turns this formula on its head, starting the recovery operation by taking a high-value account and turning it into a low-value one, then presumably using a correspondingly low-cost recovery method.

There is an issue of not needing credentials to delete payment data as a kind of DoS attack.

Your idea is smart as well: it turns the high-value component of the account into a credential of its own.
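
Added example, not part of the thread and not any site's actual code: a minimal sketch of the reset flow discussed above, where completing a reset wipes stored cards and hides the rest of the profile until payment data is re-entered. The `Account` model, the function names, and the `processor_verified` flag are assumptions; the wipe is tied to consuming the reset token, not to requesting it, so an unauthenticated reset request deletes nothing.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass, field

@dataclass
class Account:                      # hypothetical model, not any real site's schema
    email: str
    salt: bytes = b""
    pw_hash: bytes = b""
    cards: list = field(default_factory=list)       # payment-processor tokens
    addresses: list = field(default_factory=list)
    history: list = field(default_factory=list)
    profile_locked: bool = False                    # set by a completed reset
    reset_hash: bytes = b""                         # SHA-256 of the pending reset token

def set_password(acct, password):
    acct.salt = secrets.token_bytes(16)
    acct.pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), acct.salt, 200_000)

def request_reset(acct):
    """Issue a one-time token (mailed to the owner). Nothing is wiped yet, so an
    unauthenticated request cannot be used to delete the owner's payment data."""
    token = secrets.token_urlsafe(32)
    acct.reset_hash = hashlib.sha256(token.encode()).digest()
    return token

def complete_reset(acct, token, new_password):
    """Consume the token; on success downgrade the account before handing it over."""
    presented = hashlib.sha256(token.encode()).digest()
    if not acct.reset_hash or not hmac.compare_digest(presented, acct.reset_hash):
        return False
    acct.reset_hash = b""           # single use
    acct.cards.clear()              # the high-value component is destroyed
    acct.profile_locked = True      # addresses/history hidden, not deleted
    set_password(acct, new_password)
    return True

def reenter_payment(acct, card_token, processor_verified):
    """Re-entered payment data acts as the second credential that unlocks the rest."""
    if not processor_verified:      # assumed result of the payment processor's check
        return False
    acct.cards.append(card_token)
    acct.profile_locked = False
    return True

def visible_profile(acct):
    if acct.profile_locked:
        return {"email": acct.email, "cards": [], "addresses": [], "history": []}
    return {"email": acct.email, "cards": list(acct.cards),
            "addresses": list(acct.addresses), "history": list(acct.history)}
```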