[obeattie]

This isn't new and has existed for nearly 20 years. Visa's implementation is called VAU (Visa Account Updater[1]) and Mastercard's is ABU (Automatic Billing Updater[2]).

Issuers (banks) have to provide the details of these new cards to Visa/Mastercard, and the systems are certainly capable of updating the details of debit cards. It sounds like TD had a bug where they sent updates for cards which they shouldn't have. ie: TD broke their own rule about only enrolling credit cards.

Card details which do not automatically update are really frustrating for customers – especially on services like Uber. In nearly all cases the customer is going to go and give the merchant their new card details anyway. My understanding is that if card is compromised (as opposed to being lost) then banks should not provide the new details. There isn't really much _additional_ privacy or security risk here beyond those posed by merchants/acquirers holding onto card details already – provided banks do it right.

Though zooming out a little, long-lived payment tokens shared among every merchant a user shops with being the way things are still done is crazy. How long it has took to roll out EMV (chip cards), especially in the US, shows how hard it is to effect change in vast, three+ sided marketplaces like card networks.

[1] https://developer.visa.com/capabilities/vau

[2] https://developer.mastercard.com/product/automatic-billing-u...

Disclosure: I work for a bank.

[Canada]

I prefer to be able to choose whether my card details are updated. By default I do not want updates. I will definitely give Uber my new card, but I like how card expiration kills subscriptions I don't care about without me having to do anything.

[ig1]

Don’t do this. Your card not working (generally speaking) doesn’t automatically end a contract.

You could end up with the subscription not ending but just accruing as a debt, which the vendor could then sell on to a debt collector at a later point.

If you just let a card expire you’re generally relying on the good will of the vendor to treat it as a cancellation.

[dboreham]

But were put into this position by the bad will of the vendors who make it next to impossible to cancel the contract.

[lordlimecat]

Talk about hyperbole. What vendor contracts are next to impossible to cancel? And are we just talking about obnoxious phone calls with extended waits?

[misnome]

I did this deliberately. Tried to unsubscribe from the Times newspaper (digitally only) in the UK.

- Unsubscribing was phone only - Limited operating hours - Long telephone queues

And then they told me they would have to charge the next three months subscription, and that there was no technical way to remove me early.

Surprisingly, when I cancelled the card and they didn’t get the money my account managed to get turned off somehow!

[jtc331]

Issuing banks don’t have to fail a transaction just because the card is expired anyway, so this isn’t actually a guaranteed way to end the charges anyway.

Of course issuing banks may even approve charges on a closed account too. In other words, relying on the bank to end payments has all kinds of failure modes.

[scarface74]

That’s just like people who are going to be “smart” and use a card with a low credit limit to attach to their hobby AWS accounts.

Just because the charge was declined when you were billed doesn’t mean you don’t owe the money.

[robotastronaut]

A subscription is a bit different as you pay in advance. If the charge fails, you generally lose access to the subscribed service. That's not the same as using an AWS resource, being invoiced for that use, then not paying it.

[scarface74]

That’s fair and in most cases, you can just update your card information and nothing is lost. But what if it is for a renewal of something like a domain name or backup service where you would lose data if you don’t renew?

[chrisan]

> but I like how card expiration kills subscriptions I don't care about without me having to do anything.

I'm not advocating against choice of automatic updates... but shouldn't you come up with a different way to kill off subscriptions you don't care about? My VISA doesn't expire till 2023

[Canada]

It's far from ideal, but I like the reset provided by card expiration. Better would be if the issuer provided a web interface to turn off any subscriptions at will. Asking the merchant to do it is usually very annoying and time consuming by design, so sometimes it just doesn't get done.

[pbreit]

No guarantee that your card issuer will decline a transaction on an expired card. Plus, that may not actually cancel the subscription and you could continue building a debt. Just cancel the sub.

[literallycancer]

I think he's talking about services that intentionally make it hard or impossible to cancel.

[lordlimecat]

This is overblown. Worst case, you can send a certified letter for most things.

For gyms, it's pretty well known you either don't agree to said contract to begin with, or suck it up and show up in person if you did.

And gyms have a valid contract and will likely continue accruing debt on your account which they could pursue if they wanted to.

[OrgNet]

You can tell your credit card company that you lost your credit card if you need to change your credit card number. But usually, my bank tells me at least once a year that I need a new number because my card has been compromised.

This is not ideal which is why whenever I can I setup autopay through my bank's website.

[etatoby]

> usually, my bank tells me at least once a year that I need a new number because my card has been compromised

What!?

I have been shopping online all over the place since the time Amazon was only a bookstore (read: decades ago) and this has never happened to me once.

Are you sure nothing is wrong with your bank? Do you use your credit card in shady places?

[kristianc]

Unless by shady places you mean places like Target

https://www.nbcnews.com/business/business-news/target-settle...

Or Adobe

https://krebsonsecurity.com/2013/10/adobe-to-announce-source...

Or British Airways

https://www.theguardian.com/business/2018/sep/07/ba-british-...

Credit card details get leaked or compromised all of the time and are a dime a dozen on the dark web.

[OrgNet]

The most shady places are probably gas stations/gas pumps and restaurants. They like to install card skimmers on gas pumps around here, maybe that is where it originates from. But most of the time, they cancel my card before any suspicious transactions are recorded.

[joombaga]

It's good to give those readers a tug. The skimmers aren't usually affixed well.

[redler]

There really ought to be an option to instruct a card company to do a "hard termination". Seems like a rule that would be right in the wheelhouse of the CFPB (in the US).

[ricardobeat]

It sounds convenient for things like Uber, but should still be opt-in. Since the vendor can apply charges arbitrarily, having your new CC details shared without your knowledge doesn't feel right. I've never seen this anywhere, usually you get a warning that 'your payment method will expire' a few weeks in advance. Might be a US only practice?

[obeattie]

It’s definitely a thing in Europe, but many merchants don’t bother to support it. Large ones like Amazon definitely do though, as do all merchants who use Stripe.

[stordoff]

Are you sure on Amazon? I've definitely had cards expire (Visa Debit/Mastercard) that have not been updated.

[obeattie]

Yes, though your bank has to also support it.

https://www.amazon.com/gp/help/customer/display.html?nodeId=...

[mwexler]

It's not just uber, think of all the utility companies and quarterly/annual billers who you put on your card to get rewards points. Who even knows how to change those, or which ones to change? Will you go through a year of statements?

There are lots of ways to make this better, but it exists because the consumer complaints when banks didn't do this outweighed the few who wish to have payment vehicles actually expire.

Banks could do a better job of listing the recurring billers, companies could do a better job of making it easier for you to update payment info (en masse), and networks could stop hiding behind issuers and big TV ads and provide direct-to-consumer controls even for banks that don't choose to offer them.

Disclosure: at the time of this comment, I work for a bank.

[coldcode]

I guess the solution is to switch to another bank, VISA can't automatically figure this out.

[pbreit]

I don’t think it’s that crazy. Has worked exceedingly well for 75 years. Can’t say that about too many systems.

[obeattie]

The amount of fraud in the system is eye-watering. Everyone pays the price of that whether they realise it or not.