I was recently astonished to find a payment on my credit card statement that had been authorised using invalid security details.
What happened was this. I used to have an internet account with PlusNet, which I recently cancelled. PlusNet tried to charge my credit card after I cancelled my account. This didn't surprise me, as that's just the kind of unscrupulous people that they are. But what did surprise me was that the credit card company (Egg) processed the payment, as my card had recently expired and the details that PlusNet had were therefore out of date.
I contacted Egg about this and they told me that once a continuous credit card payment is set up, then it is valid for all time even if the card details expire, and if the merchant asks them for payment then they have to oblige.
Surely this can't be right? Doesn't this just make life easy for online fraudsters if credit card companies can process payments based on out of date expiry dates?