We’d like to remind Forumites to please avoid political debate on the Forum.

This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.

📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide

Sharing Banking Details without permission

I recently received a new debit card (from Santander) as my old one had expired. As instructed I activated it in an ATM. Using my mobile I then changed my account details on my Apple Pay, National Lottery account and my Electricity supplier. As a gamer I was on my Xbox the next day and went to purchase credits for a game. However, I was surprised to find that all my 'NEW' debit card details had already been registered with Xbox as well as my 3 digit Validation number even though I had not changed my account details for Xbox. On contacting my Bank I was informed that there was NO security breach as customers who have a subscription account with such companies as Xbox can have their details updated by that company contacting the Bank for updated details. Is this a breach of Data protection? Are others aware of this and experienced similar? 
I find it disturbing that a Company can access my new card details without asking permission as this has to be open to breach of security. 

I am interested if anyone has experienced the same as well as any advice on the matter.

Regards 

Daniel 

Comments

  • Lomast
    Lomast Posts: 879 Forumite
    Part of the Furniture 500 Posts Name Dropper
    No it is not a breach it is called continuous payment authority 
  • user1977
    user1977 Posts: 19,209 Forumite
    10,000 Posts Seventh Anniversary Photogenic Name Dropper
    Of course it isn't a breach of data protection, or a security risk - if it were, the banks wouldn't be doing it. You've signed up with these merchants and already given them authorisation to debit your account.
  • ThisnotThat
    ThisnotThat Posts: 500 Forumite
    500 Posts Name Dropper
    DanDi said:
    I recently received a new debit card (from Santander) as my old one had expired. As instructed I activated it in an ATM. Using my mobile I then changed my account details on my Apple Pay, National Lottery account and my Electricity supplier. As a gamer I was on my Xbox the next day and went to purchase credits for a game. However, I was surprised to find that all my 'NEW' debit card details had already been registered with Xbox as well as my 3 digit Validation number even though I had not changed my account details for Xbox. On contacting my Bank I was informed that there was NO security breach as customers who have a subscription account with such companies as Xbox can have their details updated by that company contacting the Bank for updated details. Is this a breach of Data protection? Are others aware of this and experienced similar? 
    I find it disturbing that a Company can access my new card details without asking permission as this has to be open to breach of security. 

    I am interested if anyone has experienced the same as well as any advice on the matter.

    Regards 

    Daniel 
    It's not a breach, it's a feature provided by the card issuers.

    https://developer.visa.com/capabilities/vau
    https://developer.mastercard.com/product/automatic-billing-updater-abu/
  • Sandtree
    Sandtree Posts: 10,628 Forumite
    10,000 Posts Fourth Anniversary Name Dropper
    DanDi said:
    as well as my 3 digit Validation number 
    How do you know this is the case?

    As others have said, giving a company a continuous payment authority (somewhat similar to a DD, or at least thats the idea), enables them to receive new card details etc and allows you to cancel the payment authority with the bank. However a payment under a CPA doesn't require things like the CCV or even expiry rate.
  • born_again
    born_again Posts: 23,052 Forumite
    10,000 Posts Sixth Anniversary Name Dropper
    The companies do not contact the banks. They request the details from either Visa or Mastercard via the account updater system.
    Life in the slow lane
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 353.6K Banking & Borrowing
  • 254.2K Reduce Debt & Boost Income
  • 455.1K Spending & Discounts
  • 246.7K Work, Benefits & Business
  • 603K Mortgages, Homes & Bills
  • 178.1K Life & Family
  • 260.7K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16K Discuss & Feedback
  • 37.7K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.