That's brilliant. You could even hide other data (shipping addresses, purchase history, etc.) until valid payment information is re-entered, or until the next successful purchase.
To generalize the idea: as long as anyone can create a new account, then the value of a new account is zero. The value of the lost account is the value of the differences between it and a new account. The recovery cost should be directly proportional to the value of the account. Aliexpress turns this formula on its head, starting the recovery operation by taking a high-value account and turning it into a low-value one, then presumably using a correspondingly low-cost recovery method.
There is an issue of not needing credentials to delete payment data as a kind of DOS attack.
Your idea is smart as well: it turns the high-value component of the account into a credential of its own.
There is an issue of not needing credentials to delete payment data as a kind of DOS attack.
Your idea is smart as well: it turns the high-value component of the account into a credential of its own.