As others pointed out this is a rather standard flow handled by the account updater service[s]. What I would add is most of the time the merchant doesn't store your payment instrument data other than last 4 digits and an expiration date just so the card in your "digital wallet" can be identified in the UI - "Your Visa ending in ...1234" type deal.<p>Instead, they store a token provided to them by the payment processor which represents the card. That token stays the same even if your account info gets updated. So the only thing the merchant updates is the "metadata" of the payment instrument for end user's convenience. The actual heavy lifting associated with the update is handled on the payment processor side.<p>That said - from what I understand Amazon is a bit of an exception here and they actually store the full blown card info (other than CVV which is "illegal" to store) so they have to deal with the implications of account updates themselves.
Most acquirers support Account Updater. Here are some documents with more information for the major card brands:<p>Visa: <a href="https://usa.visa.com/dam/VCOM/download/merchants/visa-account-updater-product-information-fact-sheet-for-merchants.pdf" rel="nofollow">https://usa.visa.com/dam/VCOM/download/merchants/visa-accoun...</a><p>Mastercard: <a href="http://www.mastercard.com/ca/wce/PDF/ABU_Fact_Sheet_2011_EN.pdf" rel="nofollow">http://www.mastercard.com/ca/wce/PDF/ABU_Fact_Sheet_2011_EN....</a><p>Amex: <a href="https://icm.aexp-static.com/Internet/NGMS/US_en/Images/Cardrefresher_Product_Overview.pdf" rel="nofollow">https://icm.aexp-static.com/Internet/NGMS/US_en/Images/Cardr...</a><p>To my knowledge, you can't opt out as a consumer.
This is very common among almost all major eCommerce companies. Clickbait title, but the gist of this is to say, "Hey, we know you lose your card from time to time... and cards eventually expire (sometimes because of a security breach or other issue that you, the end-user, had nothing to do with). Rather than make you waste time going back through and updating every instance where you opted for the vendor / service provider to save your info, and risk you getting late fees or your electricity being turned off, let's just be smart and push updates to trusted stores that you have already opted to give your card to."<p>Nothing sinister going on here at all.
As others have said, it is very common in ecommerce. There are strict rules around the updates. Your bank knows why the new card was added. If the reason was simple (i.e. renewing because of expiration) then they share the new card with Account Updater. However, if your card was lost or stolen Account Updater will notify the subscribers but will not share the new card number. This prevents chargebacks and other common billing problems.
Good timing on this post! I just got a new card and was baffled by how Netflix was able to update my account details before I was.
Maybe I should be creeped out? But damn if it isn't convenient. (Who else finds themselves uttering this phrase with increasing regularity these days?)
Comcast was doing this with my account, however after they upgraded their backend late last year they reverted back to the old card number and silently failed to bill my card. So good to be aware that it's not completely seamless.
Never have done that, but some people think letting CCs expire on accounts to get out of contracts is the way to go.<p>With this it seems this isn't a viable route (anymore?).