.png?width=365&height=122&name=BTLogo%20(1).png)
Stale Card Data: A Hidden Tax on Subscription Revenue
The average credit card is valid for three to five years, which, in practical terms, means that any merchant relying on stored information should expect 0.6% to 3.6% of the transactions they submit each month to be associated with expired data. The actual usable dates are, however, much lower than the full three to five years, owing to customers losing or replacing their cards well before the expiration date, making the challenge of executing a fully successful subscription run each month even greater.
This stale data creates a constant challenge for merchants, who cannot properly forecast their revenue, nor rely on predictable income. On the other hand, this represents an opportunity for merchants still in the process of solving the problem to make a meaningful improvement to their revenue mechanisms.
How does credit card data go stale?
Every credit card eventually expires: the physical item that sits in everyone’s wallet is designed to be temporary, a talisman of purchasing power that must be replaced from time to time as a security measure. Given that replacements are generally mailed by the issuer 30-60 days before the replacement date, and that many cards degrade with use prior to their programmed end date, it is entirely normal for a card to be discarded in favor of a newer model within 2 years.
Beyond programmed obsolescence, credit and debit cards are replaced all the time for other reasons: a wallet left in a taxicab on vacation, for instance, or after a theft. However, these don’t truly result in ‘stale’ card data, but rather what you might call ‘defunct data’. Where an expired card will likely be replaced with one that has the same 16-digit number on the front (albeit with a different CVV number), a lost or stolen one will have a new one.
As such, the old date is not stale but effectively unusable.
Can merchants still transact using stale data?
Why yes, yes they can! In one famous instance Dropbox continued to extract a monthly subscription payment from an account while using data that was not just stale, it was literally three years out of date. There are some intricacies, however, to this situation
Recurring charges can certainly continue, theoretically, until the underlying account is closed or the subscription is canceled; on the other hand, new charges cannot be made with stale data, nor can subsequent one-time charges, even if presented by an entity that is still successfully charging subscriptions. By contrast, charges cannot be made at all using defunct data, and repeated attempts to submit hard declined charges can quickly lead a merchant to face serious objections from the issuing bank and the card network.
That is not to say, however, that continuing to use stale data is a financially sound move, as the card networks can extract additional fees for allowing the transaction to go through. For instance, the Mastercard Credential Continuity Plan (CCP) charges a $0.09 fee each time a transaction is successfully processed using stale data. While not a huge number in and of itself, when combined with the other fees likely charged by every representative of the payments ecosystem, it can add up to a meaningful drag on a merchant’s revenues. And this is quite deliberate: Mastercard would prefer merchants keep their customer data current, using account updater, and related, services, in order to reduce consumer dissatisfaction and to lower the risk of failed transactions.
How to Avoid Stale Credit Card Data
Given the extra costs, and the increased likelihood of declines on transactions that contain stale data, the pressure is on merchants to keep their information up to date. Happily, there are a number of options to achieve this, the most significant of which are:
- Using an Account Updater Service: All four of the major card networks (Visa, Mastercard, American Express, and Discover), as well as other less well-known networks, offer account updater services, which supply approved merchants with fresh data when a card expires.
- Integrating to Digital Wallets: When taking payments through Apple Pay, Google Pay, or any of a myriad different options around the world, the responsibility for maintaining data freshness is essentially offloaded to the wallet operator. While a risk is added (that the wallet operator will fail to maintain access to usable credit facilities), it is of substantially lower likelihood than the expiration of a credit card number.
- Use Network Tokens: The major credit card networks offer these tokens, which take the place of the Primary Account Number (PAN) that is displayed on the physical card. They are secure, specific to the merchant, and unlikely to become stale, as they are not inherently linked to the physical card.
While it is certainly the case that payment service providers (PSPs) can ease access to account updater services, alternative payment types, and network tokens, it is also a truism that they will charge a fee for the service. Allowing a single full-service PSP like Stripe to act as the intermediary between merchant and payment ecosystem also creates a near-existential risk, by locking the relationship in place: many of the connections between the merchant and downstream payment processing services cannot be transferred, and even those that can tend to be tricky and expensive to arrange.
As a result, innovative merchants are moving to a multi-processor stance in building out their payments strategy, maintaining relationships with multiple PSPs and payment gateways, balancing the transactions sent to each to optimize for cost and convenience, and remaining vigilant for opportunities to improve their operations by regularly switching partners. They are also exploring ways to maintain control of the core data they need to continue running and growing their businesses, including retaining ownership of network tokens outside their PSP partners.
The key to orchestrating such a multi-processor approach is a programmable payments vault, which can securely collect and store personally identifiable information (PII), and make it available for use through the use of safe and undecipherable tokens. Not only does this give the merchant control of their data and an easy route to choosing a stable of reliable payment processing partners, it also opens the door to intelligent payment orchestration, which can increase transaction success rates, reduce costly chargebacks, and drive down overall processing costs. Providers like Basis Theory make it easy to retain control over data that never becomes stale, while keeping internal systems as far as possible from PCI-DSS scope, boosting ROI by reducing the cost of complex regulatory compliance activities.
To reduce your reliance on PSPs, lower the risk of stale data, and recapture fees wasted on transactions involving expired credit card data, the time is ripe for a careful evaluation of a multi-processor strategy using a foundational token vault.
