29 comments

[ 106 ms ] story [ 1499 ms ] thread
Ahh yes, the old “it’s not a bug, it’s a feature!”
It is a feature, in the same way that all my subscriptions failing when my bank issues a new card would be a bug.

Perhaps if the Google rephrased their email to mention that this is to avoid interruption to your service it would seem less creepy.

It actually is a feature, though.

Having to go and update your recurring billing because your card changed (the expiration date passed, or your credentials leaked and a new number has to be issued) would be a huge pain in the ass.

I'd hope there are some controls here - in the case of a compromise, that only accounts that existed before the compromise occurred will be updated. But it strikes me that something that does the right thing 99% of the time should be welcomed.

> Having to go and update your recurring billing because your card changed (the expiration date passed, or your credentials leaked and a new number has to be issued) would be a huge pain in the ass

I can’t say I agree. What’s a huge pain in the ass is cancelling services, and now you have to cancel your entire credit account to know that your outstanding charges are canceled. That’s highly inconvenient.

It only updates the expiration date upon automatic renewal by the issuer and after an update a CVV2 reconfirmation is required (unless it’s a recurring transaction, saved account details and recurring transactions are different beasts) since the CVV2 has also been rotated.

Change of PAN due to a new card being issued whether it’s on the request of the costumer, lost or compromised card should not auto-update.

Not new, it's a rather old feature. It exists for Visa, Mastercard, and AMEX:

https://developer.visa.com/capabilities/vau

https://developers.mastercard.com/product/automatic-billing-...

https://network.americanexpress.com/globalnetwork/products-a...

Lots of companies update your data already from this data, not just Google. I guess it may just be a new feature where we email you about it when it's updated.

Edit: fun fact, the UK banking system has this for when you move to a new bank: https://www.bacs.co.uk/accountswitchingservice

(I'm a Googler working on payments, who has helped maintain the Account Updater feature, opinions are my own).

Ignoring the question - its a legal matter.

But this should be definitely a reminder that all data in your google associated accounts are automatically read and scanned. If you talk to "Johnny", you're also talking to "Google" as well.

What can you do? This is a good start https://restoreprivacy.com/google-alternatives/

EDIT: Seriously, -4 in 9 minutes over completely valid concerns? Google is no golden child - remember, they are doubleclick and more.

I will frequently close credit cards when I terminate a subscription service, like a gym membership, just to ensure vendors don't 'accidentally' continue to charge me. I guess Google has determined that my behavior is a bug and figured out a way to route around it.
It isn't just google and even then you're blaming the wrong entity. This is your credit card company. I'm sure this solves a particular problem for credit card companies by significantly reducing their middle-man involvement between a customer and business in regards to their contracts. However, this should absolutely be an opt-in feature.

Your behavior isn't a bug but it is atypical. Your workaround to an infrequent problem just requires a new step: closing and opening new credit card accounts.

I actually misspoke in my post. I report the card lost and get a new account number. I have dozens of open credit cards at any given time. It's easy enough to move on to the next one, and it works for me.
1) Do you really? You know that frequently opening and closing credit cards negatively impacts your credit score? Which means you could wind up paying far more money in the end for a mortgage, say?

2) If a vendor is "accidentally" charging you and you're actually in the right, chargebacks fix that instantly.

3) If you have an actual (multi-)year contract with a gym, cancelling your card doesn't get you out of that contract. Charges can often still be made to a closed card, you'll get bills from either the gym or your credit card provider, and it will go to a collections agency if you don't pay (and again, knock down your credit score).

I really hope you don't actually do this because you'd be harming yourself for zero actual benefit.

Ha, sorry, I misspoke. I mean I report the card lost, which closes that account number, but the account at the bank remains and my credit report remains unchanged.

You can only request a chargeback, and chargebacks only work sometimes. I've done maybe 10 in my life, and I think 1 out of those 10 didn't go through -- the bank sided with the merchant. And I think if you do too many, the banks get pissed off. So depending on chargebacks is not a panacea.

And I'm not talking about reneging on my responsibilities or contracts that I've entered into. I always resolve those.

Yeah, and PayPal updated my credit card number and kept all the same subscriptions attached to that account.
If vendors charge you after you unsubscribed, accidentally or not, they're in trouble. File a dispute (it's possible with debit cards, credit cards, SEPA, etc). You'll get a refund and the vendor will get a surcharge.

Furthermore, vendors with high dispute rates get shut down pretty quickly by payment processors. Your behaviour is harming you far more than it's helping.

This is a feature: You update your details and don't have to individually talk to every single service out there that use the old details.

Of course ideally banks would have a way to let the users control these types of features but, you know, banks suck.

That's only in theory. In practice, my solution is less hassle.
In practice, your solution is a major hassle. There are very good services that do what you do much better, such as https://privacy.com.
Yeah - this doesn't work. It surprised me too. The fact that Google is actually notifying you is a point in their favor. I've never heard of anybody else sending a notification. Good for them.
Point of order: Your bank told Google (and likely anyone else who is auto-billing your card) that your CC# or Expiration Date changed. Google did not solicit this information from the bank on your behalf.

Further Point of order: This is likely Visa (cc issuer) taking this action (in accordance with the terms of your agreement with them, no doubt) and not your bank.

(comment deleted)
Those are not points of order. They're a response to OP's question. You can just respond to them like a regular person.
There is a certain amusing concordance with correcting use of the phrase “point of order” and its meaning.
Mmm...seems to me that it was the Bank talking to Google...
If the bank issues the notice, it is inside the law. If google fished it out, it may not be.
My bank, in the terms of service included a small notice that they'd update account information through a Visa/MC network feature, and gave me an opportunity to opt out of the feature if I wanted to.

As with any ToS, it's buried under a sea of text, and it took a few readings of the notice to understand what it was actually claiming to do.

that's standard practice. everyone does it. amazon knows about my new card sooner than me.