Interesting banking industry practice uncovered.

Please note this sub-forum does not provide professional finance advice. You should seek advice from a licensed financial advisor.

To post in this sub-forum you must have made 100 posts or have Trust status or have completed our ID Verification.

If investing please consider our affiliate link for new accounts: Sharesies.

Forums › Finance and wealth management › Interesting banking industry practice uncovered.

OldGeek

989 posts

Ultimate Geek
+1 received by user: 409

ID Verified

Lifetime subscriber

#323403 28-Nov-2025 18:20

I recently had an unauthorised transaction applied to my credit card account. The circumstances have turned it into an interesting test of privacy with my bank.

I had an annual subscription with merchant A, based in Dublin. They billed a renewal to a credit card number that had been cancelled (0866), without any prior warning and at double the rate of the previous year. If I had known about this prior to the renewal date I would have cancelled before the renewal date. No notification was received, either before or after the transaction was processed. A uses payment provider B.

I see a billed amount on my credit card account applied to my current credit card number (7824). The record of charge includes the name of the subscription ('Starter') and a number that starts with a +. Google on the number shows a website that supplies the name of the owner of a phone number, this turns out to be A.

The credit card number registered by me as a payment method on A's website is an old (0866), now cancelled, credit card number. The receipt for the renewed subscription shows the same (cancelled) credit card number. So how come the transaction was honoured? Why was it not rejected as an inactive credit card number?

So I take up the issue with my card issuer (NZs most profitable bank). They explained that the bank routinely advises 3rd-party payment providers (such as B) that credit cards number have been cancelled and replaced (ie when 0866 was cancelled and 7824 issued), so transactions placed against a cancelled credit card number could be modified to be charged to the replacement credit card number. My only course of action with the bank is to dispute the charge. This requires me to agree that my current credit card number (7824) be cancelled and a new card issued (9110). When I asked why, given that the bank would again advise the same payment platform of the change from 7824 to 9910, they just said that is the way it is. The bank has refused to take any corrective action.

I have raised an issue with the Banking Ombudsman on the basis that the bank has no business advising anyone that a credit card number is no longer is use, replaced by a new number. Who gets to know about the new number is my sole prerogative, based on where I use the card and merchants I give it to. Payment providers need only know if a card number is valid or not for payments.

I would be most interested to hear any feedback only from anyone else who may have been through this scenario, and what the result was.

--

OldGeek.

Quic referal code: https://account.quic.nz/refer/581402 and use this code for free setup: R581402E48MJA

1 | 2 | 3 | 4 | 5 | 6

11094 posts

Uber Geek
+1 received by user: 6071

Trusted

Lifetime subscriber

#3438325 28-Nov-2025 18:25

I've run into the same thing, years ago. At the time I thought it made a mockery of cancelling a card in the first place, and my opinion has not changed. Of course the bank would just point to the terms and conditions instead of actually taking responsibility.

Qazzy03

545 posts

Ultimate Geek
+1 received by user: 491

#3438326 28-Nov-2025 18:40

Answer: Tokenised transaction. Here is an NZ news story that follows your use case and the explanation.

ASB's media team said: "When the customer signs up with a merchant (in this example, your Disney+ subscription) they authorise the merchant to take the regular subscription amount from their bank account.

"The card details they provide are used to identify the bank account the money should be withdrawn from. A payment token then replaces the card details with a digital account number that is valid for an extended period of time and is linked to the underlying bank account, rather than a physical card."

... Solution for it not to happen again....

I have learnt from Visa that you can ask your bank to opt out of tokenised transactions. I'm sure ASB will be pleased to hear from me again.

https://www.1news.co.nz/2024/02/17/beware-the-curse-of-uncancelled-subscriptions-and-banking-tools

richms

29098 posts

Uber Geek
+1 received by user: 10208

Trusted

Lifetime subscriber

#3438331 28-Nov-2025 18:53

One thing I would love to opt out with ASB is their crap when ever you use the card online for food it goes off to some site that insists on sending a code to me by SMS to only one of my contact numbers and having an _8_ digit number entered to proceed with buying the $40 worth of food.

Richard rich.ms

cddt

1965 posts

Uber Geek
+1 received by user: 1904

#3438332 28-Nov-2025 18:54

Previous post on GZ about this https://www.geekzone.co.nz/forums.asp?forumid=191&topicid=298812

My referral links: BigPipe | Mercury

Qazzy03

545 posts

Ultimate Geek
+1 received by user: 491

#3438341 28-Nov-2025 19:50

cddt:

Previous post on GZ about this https://www.geekzone.co.nz/forums.asp?forumid=191&topicid=298812

Good shout,

@michaelmurfy answer might be another avenue.

Most banks now support VAU which means unless if you mention it, trusted merchants like Microsoft will transfer their billing to your new card: https://developer.visa.com/use-cases/identify-merchants-receiving-automatic-card-updates.

I could take a punt in guessing your bank is ANZ? If so you need to talk to their fraud team about manually removing the VAU links.

OldGeek

989 posts

Ultimate Geek
+1 received by user: 409

ID Verified

Lifetime subscriber

#3438346 28-Nov-2025 20:20

Wow - a minefield. So I intend to do 2 things:

Pursue this through the banking ombudsman, and if necessary through the Privacy Commissioner. Generally I am up for not letting go when it comes to banking practices I disapprove of..
Every time I subscribe to anything, cancel the day after. In all my experiences with subscription cancellation, the subscription remains intact (service cointinues, no refunds), what is actually cancelled is automatic renewal.

Yes the bank is the ANZ. Thanks for all the feedback.

--

OldGeek.

Quic referal code: https://account.quic.nz/refer/581402 and use this code for free setup: R581402E48MJA

New World

Shop on-line at New World now for your groceries (affiliate link).

Senecio

2851 posts

Uber Geek
+1 received by user: 3159

ID Verified

Lifetime subscriber

#3438352 28-Nov-2025 21:16

Personally I approve of this behaviour. Nothing more annoying than being issued a new physical card to then go through dozens of places to update your payment details to still miss some and end up having payments missed for importnat things like insurances etc...

The onus is on us to cancel anything that we no longer want rather than leave it up to the bank to decline payment from an old card.

richms

29098 posts

Uber Geek
+1 received by user: 10208

Trusted

Lifetime subscriber

#3438354 28-Nov-2025 21:18

Senecio:

Personally I approve of this behaviour. Nothing more annoying than being issued a new physical card to then go through dozens of places to update your payment details to still miss some and end up having payments missed for importnat things like insurances etc...

The onus is on us to cancel anything that we no longer want rather than leave it up to the bank to decline payment from an old card.

The issue is they don't give you a way to cancel it.

Paypal is better, its why I use it wherever possible as it will let me revoke authority for anyone, will try thru multiple cards till if finds one that works, and no chance of random websites grabbing my card details and sending them to bad actors because they were slack with updating one of their plugins.

Richard rich.ms

michaelmurfy

meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator

ID Verified

Trusted

Lifetime subscriber

#3438381 28-Nov-2025 22:57

richms: The issue is they don't give you a way to cancel it.

I don’t think any bank in NZ allows the user to directly cancel this.

But, you can indeed cancel them. This often has to be done via the call centre.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

OldGeek

989 posts

Ultimate Geek
+1 received by user: 409

ID Verified

Lifetime subscriber

#3438421 29-Nov-2025 10:23

Senecio:

Personally I approve of this behaviour. Nothing more annoying than being issued a new physical card to then go through dozens of places to update your payment details to still miss some and end up having payments missed for importnat things like insurances etc...

The onus is on us to cancel anything that we no longer want rather than leave it up to the bank to decline payment from an old card.

This is not about subscription management. It is about the card issuer telling the payment world without your permission that your new card replaces an old one, rendering your new card as compromised to fraudsters as your old one was?

--

OldGeek.

Quic referal code: https://account.quic.nz/refer/581402 and use this code for free setup: R581402E48MJA

michaelmurfy

meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator

ID Verified

Trusted

Lifetime subscriber

#3438434 29-Nov-2025 11:12

OldGeek: This is not about subscription management. It is about the card issuer telling the payment world without your permission that your new card replaces an old one, rendering your new card as compromised to fraudsters as your old one was?

I respectfully disagree here...

I do agree banks should give direct access to customers to manage VAU but companies that use VAU are often trusted, large corporations and are often not related to fraud. These are often subscriptions like Netflix, YouTube Premium, Xbox Live, Playstation Plus, Spotify etc where customers would want them to continue onto the next card. An online casino won't be getting onboarded to VAU anytime soon.

You haven't mentioned what the subscription was but they're not normally linked to fraud. The most common reason for "fraud" here is a family member linking a subscription to the wrong card. It is rare somebody outside of the household would start up a subscription from stolen card credentials as that subscription simply won't last.

Not saying this happened in your case but I do see value in VAU for subscription management. It's a feature and not something that is often linked to fraud cases.

If you wanted to avoid this, and this is what I personally do with some subscriptions then fire up a virtual card with a spend limit using Revolut and use that for subscriptions.

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

geek3001

220 posts

Master Geek
+1 received by user: 330

ID Verified

Subscriber

#3438438 29-Nov-2025 11:29

michaelmurfy:

OldGeek: This is not about subscription management. It is about the card issuer telling the payment world without your permission that your new card replaces an old one, rendering your new card as compromised to fraudsters as your old one was?

I respectfully disagree here...

I do agree banks should give direct access to customers to manage VAU but companies that use VAU are often trusted, large corporations and are often not related to fraud. These are often subscriptions like Netflix, YouTube Premium, Xbox Live, Playstation Plus, Spotify etc where customers would want them to continue onto the next card. An online casino won't be getting onboarded to VAU anytime soon.

You haven't mentioned what the subscription was but they're not normally linked to fraud. The most common reason for "fraud" here is a family member linking a subscription to the wrong card. It is rare somebody outside of the household would start up a subscription from stolen card credentials as that subscription simply won't last.

Not saying this happened in your case but I do see value in VAU for subscription management. It's a feature and not something that is often linked to fraud cases.

If you wanted to avoid this, and this is what I personally do with some subscriptions then fire up a virtual card with a spend limit using Revolut and use that for subscriptions.

I tend to agree with @OldGeek here.

I can definitely see a benefit of the VAU notification process, where an existing card is routinely renewed as its programmed expiry approaches, and where the card account number / PAN remains the same.

I would strongly disagree with the VAU process updating merchants when a completely new card with completely new PAN is issued, without telling me. I could see issues with that when the merchant causing the questionable or unauthorised transaction does so again, with one finding oneself in the position of having to again cancel the new card, perhaps in multiple cycles until the troublesome merchant finally stops abusing the system. This of course assumes that I have formally told that merchant to stop billing. I would expect a completely new card to put a stop to unauthorised merchant transactions, however the VAU process seemingly breaks that expectation.

I have requested stopping of the VAU process on my credit cards at the big-four NZ banks, with a couple telling me that cannot be done.

Perhaps I have the wrong end of the stick, however I welcome further clarification of the VAU process.

OldGeek

989 posts

Ultimate Geek
+1 received by user: 409

ID Verified

Lifetime subscriber

#3438440 29-Nov-2025 11:43

michaelmurfy:

I respectfully disagree here...

I do agree banks should give direct access to customers to manage VAU but companies that use VAU are often trusted, large corporations and are often not related to fraud. These are often subscriptions like Netflix, YouTube Premium, Xbox Live, Playstation Plus, Spotify etc where customers would want them to continue onto the next card. An online casino won't be getting onboarded to VAU anytime soon.

You haven't mentioned what the subscription was but they're not normally linked to fraud. The most common reason for "fraud" here is a family member linking a subscription to the wrong card. It is rare somebody outside of the household would start up a subscription from stolen card credentials as that subscription simply won't last.

Not saying this happened in your case but I do see value in VAU for subscription management. It's a feature and not something that is often linked to fraud cases.

If you wanted to avoid this, and this is what I personally do with some subscriptions then fire up a virtual card with a spend limit using Revolut and use that for subscriptions.

The company is Fing, but it was hard to find this. The ROC on my credit card had text of "Starter +<numeric digits>". It now shows only "Starter Dublin Ie". I used google on the +<numeric digits> and this gave me a website that reported this as an Irish phone number used by Fing. I logged into Fing and found the transaction processed against an old card, with an acknowlegement of Stripe as their payment provider. The amount billed was double last years subscription, and I never got a renewal notification email. I have 'cancelled' my subscription, removed all 'payment methods' from my Fing account.

I also had to use Google to work out what VAU was (Visa Account Updater). In my view there is no such thing as a 'trusted' when it comes to third parties and payments. I will let the Banking Ombudsman process continue, but the ultimate solution for me is to opt out of VAU services. The inconvenience of missed subscription renewals is tiny compared to having the Visa 'trusted' world told about my new credit card number.

--

OldGeek.

Quic referal code: https://account.quic.nz/refer/581402 and use this code for free setup: R581402E48MJA

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41030

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#3438446 29-Nov-2025 12:26

OldGeek:

In my view there is no such thing as a 'trusted' when it comes to third parties and payments. I will let the Banking Ombudsman process continue, but the ultimate solution for me is to opt out of VAU services. The inconvenience of missed subscription renewals is tiny compared to having the Visa 'trusted' world told about my new credit card number.

OldGeek:

This is not about subscription management. It is about the card issuer telling the payment world without your permission that your new card replaces an old one, rendering your new card as compromised to fraudsters as your old one was?

Neither Visa or banks are telling anhone your new card number. The company you subscribed services from have a token that authorises then to charge your card (and any replacements) for services rendered.

This means changing card numbers don't automatically end an agreed subscription. The client needs to actively cancel the subscribption.

Imagine the inconvenience of changing a card number because of fraud (usually one off, unauthorised transactions) and having the legwork to change the card number everywhere - ISP, electricity, water, streaming services, insurance, etc.

These tokens are only established with reputable companies. Fraudsters don't have access to these.

I don't see anything wrong here.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

loceff13

1089 posts

Uber Geek
+1 received by user: 340

#3438448 29-Nov-2025 12:32

I'm not a fan of how hard banks make it to opt out/remove the auth by calling etc, in a digital world that should be able to be managed online.

1 | 2 | 3 | 4 | 5 | 6