I got an email from OnStar the other day saying it contacted my bank and updated my card info because I had gotten an old card and hadn’t updated the info, I don’t pay for OnStar but the dealership MAKES you set it up even if you don’t use it.
How the fuck are they allowed to contact my bank and get information like that? Weirded my TF out to say the least.
They did that to me. I specifically gave them a card I knew was going to expire before the trial period was over and they got the new information anyway.
If I remember correctly, it’s a “feature” the credit card companies have so your subscriptions don’t lapse.
This is more based on authorization vs CC details. It’s much safer for a company than holding onto credit card numbers. Creating a subscriptions generates an authorization code which is good for the account, not just a specific card number. Revoking that authorization is a separate call to the bank rather than just having a credit card replaced.
That authorization shouldn’t be indefinite either though. After three years of no activity and a card expiring, OnStar was still able to make a charge to renew that trial subscription.
And looking around the web, there are a few stories from that 2016 time frame to indicate that it was a new-ish, or at least not well known, practice at the time.
You created an authorization code which is independent from the credit card details. The authorization code doesn’t get revoked automatically when a card expires or a new card issued.
Jesus tap dancing christ. I understand the difference between CC + CCV + expiry date and an oauth token (or whatever protocol they’re using for identification and authentication). I’m saying that not expiring auth codes when new cards are issued is a security and privacy issue. Users should ideally be given a switch to opt in to behavior like that. It should not be the default.
Credit cards have actually been doing that for years. It’s a feature for recurring payments to reduce the amount of trouble users had when their CC number was compromised or it expired.
Yeah, it sucks too. A couple years ago I was trying to get out of a Sirius Satellite subscription I had opted into during the height of the rony 'rona.
Instead of sitting on the phone with CSRs for hours on end while they pass me around and offer me incentives to stay, I thought I’d be smart and report that my credit card was lost. (At the time you couldn’t disenroll online, that changed I happily found out a few months ago)
Joke was on me though. Sirius updated my new card info, and I was without a credit card for ~8 days.
I’m not sure when you purchased your vehicle, but when I purchased my vehicle Dec 2022 I had to do that OnStar setup crap as well and just denied giving them any information. They said I wouldn’t be able to get this or that but I didn’t care so they didn’t get that information. It took about 15 minutes with the person on the other side being a bit confused but just gave up when I said it the like 5th time.
Either way they don’t need that information at any time unless you want their free trials that are almost never worth it.
Honestly that shouldn’t weird you out too much, that’s just a convenience feature. And yeah, I know, some people put quotes around the word convenience. But others actually just use the word as is, a convenience.
What should freak the hell out of you is when you and your significant other are in the car talking about buying a new pair of tennis shoes, and then that evening when you’re sitting at home YouTube shows you a commercial for tennis shoes, when you’ve never seen any ads for tennis shoes on YouTube before.
I got an email from OnStar the other day saying it contacted my bank and updated my card info because I had gotten an old card and hadn’t updated the info, I don’t pay for OnStar but the dealership MAKES you set it up even if you don’t use it.
How the fuck are they allowed to contact my bank and get information like that? Weirded my TF out to say the least.
They did that to me. I specifically gave them a card I knew was going to expire before the trial period was over and they got the new information anyway.
If I remember correctly, it’s a “feature” the credit card companies have so your subscriptions don’t lapse.
How is that fucking legal?
This is more based on authorization vs CC details. It’s much safer for a company than holding onto credit card numbers. Creating a subscriptions generates an authorization code which is good for the account, not just a specific card number. Revoking that authorization is a separate call to the bank rather than just having a credit card replaced.
That authorization shouldn’t be indefinite either though. After three years of no activity and a card expiring, OnStar was still able to make a charge to renew that trial subscription.
And looking around the web, there are a few stories from that 2016 time frame to indicate that it was a new-ish, or at least not well known, practice at the time.
Yeah and it’s very useful, looks like this place is just as bad with the kids as that other place.
The fuck are you talking about?
The fact people here don’t even understand how credit cards work is a pretty big sign my guy….
The fact that you think it’s reasonable for literally anyone but you to give out your credit card details is a pretty big sign my guy
Because banks don’t give out credit card details.
You created an authorization code which is independent from the credit card details. The authorization code doesn’t get revoked automatically when a card expires or a new card issued.
Jesus tap dancing christ. I understand the difference between CC + CCV + expiry date and an oauth token (or whatever protocol they’re using for identification and authentication). I’m saying that not expiring auth codes when new cards are issued is a security and privacy issue. Users should ideally be given a switch to opt in to behavior like that. It should not be the default.
Removed by mod
Credit cards have actually been doing that for years. It’s a feature for recurring payments to reduce the amount of trouble users had when their CC number was compromised or it expired.
Yeah, it sucks too. A couple years ago I was trying to get out of a Sirius Satellite subscription I had opted into during the height of the rony 'rona.
Instead of sitting on the phone with CSRs for hours on end while they pass me around and offer me incentives to stay, I thought I’d be smart and report that my credit card was lost. (At the time you couldn’t disenroll online, that changed I happily found out a few months ago)
Joke was on me though. Sirius updated my new card info, and I was without a credit card for ~8 days.
deleted by creator
Authorizations are different from CC details.
You can call a bank and cancel an authorization without canceling a card.
By design and commonly accepted on recurring payments. Not even remotely new or connected with OnStar.
I’m not sure when you purchased your vehicle, but when I purchased my vehicle Dec 2022 I had to do that OnStar setup crap as well and just denied giving them any information. They said I wouldn’t be able to get this or that but I didn’t care so they didn’t get that information. It took about 15 minutes with the person on the other side being a bit confused but just gave up when I said it the like 5th time.
Either way they don’t need that information at any time unless you want their free trials that are almost never worth it.
Yeah, I’d walk away from a sale before agreeing to that crap, even if they did make it mandatory.
Honestly that shouldn’t weird you out too much, that’s just a convenience feature. And yeah, I know, some people put quotes around the word convenience. But others actually just use the word as is, a convenience.
What should freak the hell out of you is when you and your significant other are in the car talking about buying a new pair of tennis shoes, and then that evening when you’re sitting at home YouTube shows you a commercial for tennis shoes, when you’ve never seen any ads for tennis shoes on YouTube before.
deleted by creator
I wonder what happens if you only have a single card with no money on it.
That sounds awfully convenient and OnStar saves lives, so…