I recently ran into difficulty at multiple sites updating an expired credit card with a new card that has the same account number but new expiration date and code. Is there some industry reason to not simply get a new account number?
The simplest answer is likely: paperwork and database changes. The impression here is that for many banks the card number has long been synonymous with its "primary key" in most of their databases and changing it would produce a ton of paperwork and a lot of database activity/churn and just don't have the concept of a "single" card (even though Ship of Theseus style it has many physical replacements, too) over time having multiple card numbers.<p>This is going to sound like an ad, but it's one of the things that's fascinating to me about Apple's Card in directly shifting that: the Apple Card uses "virtual numbers" and has different card numbers for all of its different ways to pay (the Apple Pay NFC, the magnetic stripe on the physical card, the EMV chip on the physical card, and the card number the app gives you for use in manual entry situations such as website payments or vendor's cash register is offline payments). At any time in the app you can push a button to generate a new card number for some of these. The CVV code for the manual card number is setup to change frequently (much more frequently than the expiration date) and there's even a setting to have the application change it automatically and frequently (once every few days). Subscriptions remain authorized when the CVV code changes, but it makes it tougher for someone to skim that manual entry card number from you and be able to use it new authorizations for more than a few days. (The CVV code basically becomes a mini-TOTP 2FA.)<p>I'm hoping more cards learn some of these lessons from Apple Card and "virtual card numbers" become more common.
One could ask why do we even bother with credit card numbers at all? I could imagine a future where we use asymmetric encryption to purchase items and rotate the keys periodically and transparently. If your private key becomes compromised you can authenticate with the issuer the old fashioned way and regenerate the keys. I assume Apple Pay, Google Pay, etc. are using some variation of this scheme (correct me if I am wrong).
I always assumed the expiration date on card was somewhat of a holdover from before online transaction verification was the norm. The bank would assuredly refuse to renew a card that was in default, so the user couldn't just keep using it at merchants that were still using paper slips.<p>Though a new account number is not quite as much of a big deal as it may seem. The issuers publish lists of old->new mappings, so that processors and merchants can update records, and some networks/issuers will accept reoccurring transactions on old numbers, as long as those were started before the number was issued.<p>It's kind of amazing what the issuers and networks will accept.
After reading a number of comments that seem to be like this is the norm, it makes my experience odd because every bank I've been with has cycled my card number with every new card.<p>once got locked out of my Amazon account for what feels like a year because my security gateway way the 16 digits for a card that expired in 2019, which I had without a doubt already shred
I run a small bank in France and we cycle the whole card everytime: numbers (called PAN), expiry date and CVV. The costs with Visa, manufacturing partner and processing partner is negligible (compared to keeping the PAN).
Every bank I know in the EU is doing the same.
wouldnt changing the number break continuity in subscriptions / recurring?<p>Also wouldnt't it increase the barrier to use that card? (albeit still have to enter expiry/cvv , but it's less than if you use a new competitor card)
bank account != card<p>The bank account is linked to your agreement & contract, the card is a medium to access the account.
It is not on the card issuer's (Visa, Mastercard, etc) interest to constantly be generating new card #s, as each has a non-trivial cost (administratively).<p>It also makes things easy for the opposite case, Visa & Mastercard have an auto-updater program where if a card is replaced due to expiration, they auto-port subscriptions to the new card to avoid service disruptions. [This is not available everywhere, and depends on the merchant & payment processor, but it exists]
You <i>don't</i> get a new card with a totally different number?!<p>In my country AFAIK new card means new number. And yes, it's upto you to fix your subscriptions.<p><i>Have I been living under a rock?</i>