How secure is your payment information with 3rd parties?


Recently I got an email reminder to extend my premium account with Spotify; this was in fact also about updating my payment data. First, I received an email telling me to update this, which for me immediately raised the question: was this "phishing"? However, by looking at it, it was not, and I could log in through a link to update my payment data. Clicking on the link took me to my payment information:
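The "is this phishing?" question above is usually answered by looking at where the links actually go rather than at what the email looks like. The following is an added example (not code from the original post or from Spotify) that pulls every link out of an HTML email body and flags the common lures: a host that is not under the expected registrable domain, a `user@host` trick that hides the real host, a punycode (look-alike) host, a plain `http://` link, and display text that shows one URL while the `href` points somewhere else. The email body and the `spotify.com` expected domain are constructed assumptions for the demonstration; the registrable-domain logic is a two-label simplification and does not use a public-suffix list.

```python
"""Audit the links in an HTML e-mail against the sender's expected domain."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body: two legitimate-looking links followed by three
# typical phishing lures. Not a real e-mail.
SAMPLE_EMAIL_HTML = """
<p>Your payment method needs updating.</p>
<a href="https://www.spotify.com/account/subscription/">Update payment details</a>
<a href="https://accounts.spotify.com/login">Log in</a>
<a href="https://www.spotify.com.billing-update.example/">www.spotify.com</a>
<a href="https://www.spotify.com@198.51.100.7/update">https://www.spotify.com/update</a>
<a href="http://xn--spotfy-3ya.com/">Manage subscription</a>
"""

EXPECTED_DOMAIN = "spotify.com"  # assumed legitimate registrable domain


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two DNS labels. Simplification: without a public-suffix list,
    'example.co.uk' would be reduced to 'co.uk'."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def link_findings(href, text, expected=EXPECTED_DOMAIN):
    """Return the reasons a link is suspicious; an empty list means it passes."""
    findings = []
    parts = urlsplit(href)
    host = parts.hostname or ""  # .hostname strips user@ and :port
    if parts.scheme != "https":
        findings.append("not https")
    if "@" in parts.netloc:
        findings.append("userinfo in URL hides real host")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode host")
    if registrable_domain(host) != expected:
        findings.append(f"host {host!r} is not under {expected}")
    # Visible text that looks like a URL but does not match the real target.
    if text.startswith(("http://", "https://", "www.")):
        shown = text if "://" in text else "https://" + text
        shown_host = urlsplit(shown).hostname or ""
        if shown_host != host:
            findings.append(f"display text shows {shown_host!r}, link goes to {host!r}")
    return findings


def audit_email(html, expected=EXPECTED_DOMAIN):
    """Return [(href, findings), ...] for every link in the HTML body."""
    collector = _LinkCollector()
    collector.feed(html)
    return [(href, link_findings(href, text, expected)) for href, text in collector.links]


if __name__ == "__main__":
    for href, findings in audit_email(SAMPLE_EMAIL_HTML):
        print("OK  " if not findings else "BAD ", href, "; ".join(findings))
```

Run against the sample body, the first two links pass and the remaining three are each flagged for at least one reason. The same check belongs on the receiving side of any "update your payment details" email before the link is followed.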


However, the next step was an experience on its own, as it asked me to scan my credit card with my mobile device:

This is a feature that debuted in iOS (with iOS 8) and lets you save your credit or debit card information in your browser so that you can auto-fill text boxes when purchasing something online or updating your payment information.

Whenever you are on a payment page in Safari that needs to be filled out, tap one of the text boxes where your credit or debit card information goes. The keyboard in Safari will then prompt you with the option to "Scan Credit Card."

Once you select the option, your camera will open and you will need to position your card in the frame for it to pull the information (name, number, expiration date). The CVC code is not captured by the scan and has to be entered manually.

Overall the experience was good; however, a few points either raise questions or deserve a remark:

  1. How did they account for tokenization within their payment process during the scanning step, and how secure is scanning the credit card information itself?
  2. How is PCI compliance impacted by this approach?
  3. Why did I not get a notification through the Spotify app to update my payment information?

Again, the point is more about how you engage your customer in a way that is secure and gives the customer a comfortable feeling and experience. Therefore, email notifications asking customers to update their payment information should be taken out of the customer engagement process.