We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
How did they get my new card details?
Options
Comments
-
pandacookie wrote: »The payment was for a one off payment of the premium, not a direct debit for monthly payments.
Still likely that the "old" details" would have been retained for the "renewal". This will be buried somewhere in the small print.
Without answering your original question, AFAIUI, a card replaced through the original card being declared "lost" cannot be used for subsequent (even CPA) transactions (confirmation anybody?), however card details changed by a routine or scheduled card replacement remain valid, so new number or old number makes no difference.
Of course how the supplier can become aware of the new details is interesting given that (as a previous poster pointed out) the bank is not a party to the CPA. However, the bank would need to be able to authorise (or pre-authorise) a CPA transaction based on the "old" details. I "speculate" that "pre-authorisation" could be the mechanism.0 -
When debit cards expire, the number doesn't usually change, just the expiry date. As most cards are valid for 3 years, it's simple for a company to assume the new expiry date and get it right. Continuous authority payments have to be cancelled with the beneficiary, they don't automatically stop when the card expires. Most insurance companies operate this system.0
-
My current (09/2011) Amex term 25.2 says, "Recurring transactions may be automatically charged to a replacement card without notice to you but please note that we do not provide replacement card information (such as card number and expiry date) to all merchants."
That "all" suggests that they might give them to some.
My previous Amex term 24.5 says, "Please note that we do not provide replacement card information (such as card number and card expiry date) to the merchant."
Maybe habits are changing? I can't see why this would be necessary if the merchant already has a continuous authority set up and the bank attaches it to an account rather than a particular number/expiry date. It certainly defeats the security advantage of assigning the cardholder responsibility for dissemination of card details: do we now have to react to a merchant report of data breach which occurred not only around the time we provided details but also around the time some bank provided updated details?0 -
My current (09/2011) Amex term 25.2 says, "Recurring transactions may be automatically charged to a replacement card without notice to you but please note that we do not provide replacement card information (such as card number and expiry date) to all merchants."
That "all" suggests that they might give them to some.
My previous Amex term 24.5 says, "Please note that we do not provide replacement card information (such as card number and card expiry date) to the merchant."
Maybe habits are changing? I can't see why this would be necessary if the merchant already has a continuous authority set up and the bank attaches it to an account rather than a particular number/expiry date. It certainly defeats the security advantage of assigning the cardholder responsibility for dissemination of card details: do we now have to react to a merchant report of data breach which occurred not only around the time we provided details but also around the time some bank provided updated details?
I think you have hit the nail on the head .... the information that the bank is allowed to give to a merchant who holds a continuous payment authority, will depend on the terms and conditions for your account.
The fact that the merchant in this case has got the new card details makes no difference to the fact that the payment authority would still have been valid even if they had used the old card details in their letter, since the authority continues even when a new card is issued.
So, if the T&Cs for the account state that the bank do not provide details of new cards to any merchant, and it is proved that the bank broke this condition, then there would be grounds for complaint / compensation under DPA legislation.This is a system account and does not represent a real person. To contact the Forum Team email forumteam@moneysavingexpert.com0 -
AFAIUI, a card replaced through the original card being declared "lost" cannot be used for subsequent (even CPA) transactions (confirmation anybody?),
You are mistaken. Since the original arrangement was valid, 'losing' or otherwise forcing a change of card does not invalidate them. Even closing the card doesn't affect them; you're still liable for future transactions within the arrangement.Conjugating the verb 'to be":
-o I am humble -o You are attention seeking -o She is Nadine Dorries0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244K Work, Benefits & Business
- 598.9K Mortgages, Homes & Bills
- 176.9K Life & Family
- 257.3K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards