Sharing Banking Details without permission

DanDi

I recently received a new debit card (from Santander) as my old one had expired. As instructed I activated it in an ATM. Using my mobile I then changed my account details on my Apple Pay, National Lottery account and my Electricity supplier. As a gamer I was on my Xbox the next day and went to purchase credits for a game. However, I was surprised to find that all my 'NEW' debit card details had already been registered with Xbox as well as my 3 digit Validation number even though I had not changed my account details for Xbox. On contacting my Bank I was informed that there was NO security breach as customers who have a subscription account with such companies as Xbox can have their details updated by that company contacting the Bank for updated details. Is this a breach of Data protection? Are others aware of this and experienced similar? 
I find it disturbing that a Company can access my new card details without asking permission as this has to be open to breach of security. 

I am interested if anyone has experienced the same as well as any advice on the matter.

Regards 

Daniel 

Lomast

No it is not a breach it is called continuous payment authority 

user1977

Of course it isn't a breach of data protection, or a security risk - if it were, the banks wouldn't be doing it. You've signed up with these merchants and already given them authorisation to debit your account.

ThisnotThat

DanDi said:

I recently received a new debit card (from Santander) as my old one had expired. As instructed I activated it in an ATM. Using my mobile I then changed my account details on my Apple Pay, National Lottery account and my Electricity supplier. As a gamer I was on my Xbox the next day and went to purchase credits for a game. However, I was surprised to find that all my 'NEW' debit card details had already been registered with Xbox as well as my 3 digit Validation number even though I had not changed my account details for Xbox. On contacting my Bank I was informed that there was NO security breach as customers who have a subscription account with such companies as Xbox can have their details updated by that company contacting the Bank for updated details. Is this a breach of Data protection? Are others aware of this and experienced similar? 
I find it disturbing that a Company can access my new card details without asking permission as this has to be open to breach of security. 

I am interested if anyone has experienced the same as well as any advice on the matter.

Regards 

Daniel 

It's not a breach, it's a feature provided by the card issuers.

https://developer.visa.com/capabilities/vau
https://developer.mastercard.com/product/automatic-billing-updater-abu/

Sandtree

DanDi said:

as well as my 3 digit Validation number 

How do you know this is the case?

As others have said, giving a company a continuous payment authority (somewhat similar to a DD, or at least thats the idea), enables them to receive new card details etc and allows you to cancel the payment authority with the bank. However a payment under a CPA doesn't require things like the CCV or even expiry rate.

born_again

The companies do not contact the banks. They request the details from either Visa or Mastercard via the account updater system.