Ask HN: When a credit card expires why does the bank not issue a new number? I recently ran into difficulty at multiple sites updating an expired credit card with a new card that has the same account number but new expiration date and code. Is there some industry reason to not simply get a new account number? |
This is going to sound like an ad, but it's one of the things that's fascinating to me about Apple's Card in directly shifting that: the Apple Card uses "virtual numbers" and has different card numbers for all of its different ways to pay (the Apple Pay NFC, the magnetic stripe on the physical card, the EMV chip on the physical card, and the card number the app gives you for use in manual entry situations such as website payments or vendor's cash register is offline payments). At any time in the app you can push a button to generate a new card number for some of these. The CVV code for the manual card number is setup to change frequently (much more frequently than the expiration date) and there's even a setting to have the application change it automatically and frequently (once every few days). Subscriptions remain authorized when the CVV code changes, but it makes it tougher for someone to skim that manual entry card number from you and be able to use it new authorizations for more than a few days. (The CVV code basically becomes a mini-TOTP 2FA.)
I'm hoping more cards learn some of these lessons from Apple Card and "virtual card numbers" become more common.
Though a new account number is not quite as much of a big deal as it may seem. The issuers publish lists of old->new mappings, so that processors and merchants can update records, and some networks/issuers will accept reoccurring transactions on old numbers, as long as those were started before the number was issued.
It's kind of amazing what the issuers and networks will accept.
once got locked out of my Amazon account for what feels like a year because my security gateway way the 16 digits for a card that expired in 2019, which I had without a doubt already shred
Also wouldnt't it increase the barrier to use that card? (albeit still have to enter expiry/cvv , but it's less than if you use a new competitor card)
The bank account is linked to your agreement & contract, the card is a medium to access the account. It is not on the card issuer's (Visa, Mastercard, etc) interest to constantly be generating new card #s, as each has a non-trivial cost (administratively).
It also makes things easy for the opposite case, Visa & Mastercard have an auto-updater program where if a card is replaced due to expiration, they auto-port subscriptions to the new card to avoid service disruptions. [This is not available everywhere, and depends on the merchant & payment processor, but it exists]
Anecdote, but my bank (not in the US) does issue virtual/single use cards with new numbers and CVV on a simple click.
They also issue a new card number on expiration too.
In my country AFAIK new card means new number. And yes, it's upto you to fix your subscriptions.
Have I been living under a rock?