OK, sounds like there was an unfortunate cock up in your particular instance. The new card details should only be sent by the issuer and used by the merchant when you have activated your new card.
Got something to say or just want fewer pesky ads? Join us... 😊
O/T Think your credit card expires at the end of the expiry date month? Think again!
- Thread starter Goldstone1976
- Start date
OK, sounds like there was an unfortunate cock up in your particular instance. The new card details should only be sent by the issuer and used by the merchant when you have activated your new card.
- Thread starter
- #22
The guy at JLFS said that they routinely send the new card details to companies like Uber at the same time as the replacement card is sent to the issuer's customer. It's definitely a cock up by Uber, using the new card so early, but it doesn't sound like it was a cock up by JLFS in sending them the details when they did - just standard practice.
Shropshire Seagull
Well-known member
I have a CC linked to my PayPal account - this did NOT get updated when I was issued with a new card.
I too work in this industry, and I have to say I have never heard of this practice from card issuers.
It is against data protection and potentially PCI compliance to issue a new card and allow a supplier to store it without the cardholders permission. You have given express permission to use one payment card, but when the number changes on renewal (if it does) - the expiry date of the card effectively ends the permission you have given until you as the customer give the permission again. It is certainly not up to the card issuer to determine that is what you want to do - irrespective of the intentions.
It is against data protection and potentially PCI compliance to issue a new card and allow a supplier to store it without the cardholders permission. You have given express permission to use one payment card, but when the number changes on renewal (if it does) - the expiry date of the card effectively ends the permission you have given until you as the customer give the permission again. It is certainly not up to the card issuer to determine that is what you want to do - irrespective of the intentions.
beorhthelm
A. Virgo, Football Genius
- Jul 21, 2003
- 36,018
i can see the benefits, yet i have always had to provide new details for insurance, Amazon when cards expire. odd.
It's entirely dependent on whether the merchant has opted into the product via their payment provider. I don't think it's particularly prevalent here in the UK yet. I'm sure Amazon will have it very soon.
beorhthelm
A. Virgo, Football Genius
- Jul 21, 2003
- 36,018
there's another thing, if send details shirley they'd be sent a file with thousands of cards renewed that month and process it as a batch - not just update Mr Goldstone1976.
- Thread starter
- #28
This is what I was implying in the last sentence of my OP: "Bigger issue: wtf are credit companies doing, giving my card details to anyone, at any time?"
I can see the customer service angle, but, afaik, I've never said its ok to send the details of my replacement card to a random (from my perspective) selection of the issuer's customer to ease an administrative burden. I say afaik, because it's been some time since I read the T&Cs - maybe there's something to that effect in them? Or in the letter that comes with the replacement card? I doubt it though.
The facts of my case are:
I authorised Uber to use my card expiring 06/17, some time ago. They've used it many times over the last year or more.
I received a replacement card (same number, exp 06/20, different 3 digit code) about a month and stuck it in a drawer, intending to activate it around about now.
I took a journey with Uber on 15/6. Uber emailed me last night, saying my payment had been declined.
I phoned JLFS this morning and asked what happened. After some confusion, the story settled on the fact that Uber had tried to use my new card (JLFS specified the expiry date that Uber had tried to use was 06/20) three times, all for the same amount, on 15/6, 16/6, and yesterday and that JLFS had declined the card every time "because it hadn't been activated".
I asked, inter alia, how Uber had got my new card's details, when I hadn't even looked at it yet. After getting dangerously close to accusing me of lying, I got the call centre woman to transfer me up the chain. Eventually, I got to a manager, who told me the story I've outlined earlier. I accepted this story, as it's the only one that makes any logical sense, absent Uber hacking JLFS systems.
I still haven't got to an answer about how are issuers' customers supposed to know which companies they use are going to start trying to use their new card's details, and when they are going to do so. Nor did I receive an answer to the question I posed that went: "I have a valid credit card on file with Uber. You gave them details of a new one, without my knowledge or, afaik, permission. They updated their system with the new details and tried to use it. Why did you not honour it, given the fact that you provided them with the details?" The only response I got was "uber shouldn't have uploaded it yet". No reply to "Ok, but you're complicit too. It was you who sent them my cc details".
I do suspect there's some sailing fairly close to the wind by JLFS (other FS companies too, according to JLFS) in regard to sending out replacement card details. I have no current desire to stir things up for them. Note:current.
- Thread starter
- #29
Yep. The manager confirmed that they send a batch file of all the cards that are soon (although "soon" = 4-6 weeks away)to expire to their "big customers, like Amazon and Uber". I did ask whether my issue arose often. He confirmed that I wasn't the first.
Presumably (I didn't ask), they only send details of replacement cards to say, Amazon, if the issuer's customer has used their existing card to buy from Amazon. It's a whole different thing if they send replacement card details to say, Amazon, if the issuer's customer has never shopped with Amazon!
Creaky
Well-known member
I know it doesn't address the point of the thread but I'm curious as to the thinking behind not activating your card when you received it.
- Thread starter
- #31
Only because I had an existing card from the supplier with 6-ish weeks validity left on it and was busier a month ago than I am now.
I do realise that had I activated it upon receipt, none of this would have happened; but that's no excuse for the credit card issuer to send the new card's details to a list of their customers without telling me or, afaik, asking my permission. As an aside, neither is it a excuse for Uber to start using it prior to the expiry of the card they already have on file and have used multiple times in the past.
Cian
Well-known member
I imagine there's a clause in the T&Cs that nobody reads about it being considered as such. Never used it (as all the cars are just taxis here anyway) so can't confirm that. But yes, it shouldn't be considered one.
Many people use cards in lieu of direct debits - I pay my cable and mobile bills by card payment to collect Avios for instance; and that was the thinking behind allowing this in general - to stop payments bouncing when a card changes, except clearly the exact opposite occured.
Your understanding matches my own. What's being described here is not compatible with my understanding of the current UK / EU law on Data Protection, let alone the new GDPR laws that come into effect next year. Unless you've explicitly given permission to the card issuer to provide updates to companies you've purchased from, they are breaching Data Protection rules by sending *any* information to a third party. It's that simple.
- Thread starter
- #34
Ok. Well, I can categorically state that I have not given explicit, knowing permission, which leaves us with three options (unless others can think of more):
1 it's in their standard T&Cs, which I've accepted by using the card.
2 I've received a letter (perhaps with the card), saying "... if you don't tell us otherwise, we're going to let our big customers know..."
3 they're acting illegally.
beorhthelm
A. Virgo, Football Genius
- Jul 21, 2003
- 36,018
thinking about it, it may be reasonable to consider the Credit Card number to be their information since they issue it. so conceivably they could issue an update say where customer is xyz (<- hashed version of the actual name) change number 123 to 456. because you wouldnt want to send out a file with thousands of names and numbers anyway.
- Thread starter
- #36
Yes, possibly so. But I know for a fact that they sent the expiry date. When I updated my Uber account today, I also had to update the cvv number. Presumably, in order to have any use to Uber, JLFS would have also had to supply the new cvv to Uber too.
Even that sounds dodgy to me. I certainly don't want my card details (even completely anonymised) being sent around between companies without my express permission. It's certainly not something I've ever encountered in the past, and I have my cards stored with a range of big-name companies. I've had, or currently have, HSBC, Nationwide, and Amex cards and none of those have ever been auto-updated when they've expired. I've always had to manually re-enter the details myself. At one point I even had two cards from the same account registered at Amazon: the old expired one that was completely useless, and the new replacement card that I'd had to enter manually because the old one had expired. Because I'm lazy it took me ages to go in and delete the old card myself.
beorhthelm
A. Virgo, Football Genius
- Jul 21, 2003
- 36,018
wasnt saying it happens, speculating how it might be possible to achive without breaching data protection law. an awful lot of anonymised data about us is sent between companies without our permission or any awareness it even occurs.
Didn't think you were, was just commenting on the idea itself. Bring on GDPR (as much as it's going to make my own job a ballache for the next year or so making sure we're fully compliant and doing so in a way that doesn't get confusing for our members).