Recently you may have received an email from LastPass asking you to update the billing address information on your account. While we followed industry best practices and purposefully avoided including a link back to the LastPass login page, choosing to provide instructions on how to update the information assuming that you were already logged in to the product. We appreciate that we could have been clearer with that in the message we sent.
Why did we send the request for billing address information?
We are in the process of making improvements to our billing systems and back office applications to better serve our customers. There are also credit card industry changes coming along shortly ( 'PSD2' ) that are designed to increase the security of credit card transactions. Having accurate billing addresses allows LogMeIn and the credit card processors to better protect your payment information.
If you are unsure of how to update your information, this support article will help.
Thank you for being a LastPass Customer. I trust this acknowledges your email and provides some extra information on why we sent this request to you.
The reason you are being prompted to add billing information when logging in to LastPass is that LastPass now needs to have customer billing addresses on file as we are in the process of migrating to a new commerce platform. As part of this migration process, we now require billing information to ensure that the payment method on file is authorized to perform transactions to LastPass. Our new payment platform checks billing addresses to verify the billing information associated with the payment card is associated with the correct person and to protect against fraudulent charges.
This change is due to LastPass moving to a new billing system, with new requirements for increased security. There are also credit card industry changes coming along shortly ( 'PSD2' ) that are designed to increase the security of credit card transactions. Having accurate billing addresses allows LastPass and the payment card processors to better protect your payment information, and this information is separate from the payment information you may have used for LastPass previously.
Boilerplate word salad doesn't answer the question.
When you are nagging paying customers for credit card info you need at minimum:
1) A way to log in and see current payment details with card number and exp date
2) A portal inside the current account environment identical both stylistically and functionally
This ensures that you are actually in your account and not being hijacked.
1) Ask for information in isolated forms
2) Use popups for payment information - for any reason - ever
In short, your billing portal looks and feels suspicious and is open to attack. Unless these security issues are resolved this may be the end of my relationship with LastPass and Logmein.
It looks bad and frankly speak poorly of your company.
Then you are doing it wrong. Every part of your billing query is suspicious looking and fragile. You use a popup - a popup - to enter credit card info. One of the biggest no-nos in security. Just amazing.
Apologies for any confusion with the wording in previous posts, LastPass now requires billing address information to be added to their account, not their credit card or payment information. There are two separate areas where you can update your LastPass account billing information and/or update the payment method, this support article outlines how to update either of these options from within the Vault: https://support.logmeininc.com/lastpass/help/how-do-i-update-my-payment-information-lp010117
Interesting. So how do I provide billing address to a card I can not see? I use several cards some with my business address, some my home, some an out of state address for S corp purposes. So I just guess and enter a random address and hope my CC company doesn't kick back a bad address error?
How about this:
1 Kill the popup it's kindergarten junk. And insecure. And doesn't work in all browsers.
2 Move billing from the Logmein circular web trap back to LastPass with all other account options.
3 Show the current method of payment like literally every other company on the planet with name, last 4, and exp date.
I have honestly never seen a back end pile of garbage like this outside my county web portal. It's really really bad and for a company that's "all about security" it does not breed confidence. The only company in your situation with a poorer showing was Trustwave - they used Flash for their front end.
I may be asking the same question as HunterCreshall,
Responding to Hunter, Rachael wrote, [numerals, paragraphs and emphases added]
(1) "This change is due to LastPass moving to a new billing system, with new requirements for increased security.
(2) "There are also credit card industry changes coming along shortly ( 'PSD2' ) that are designed to increase the security of credit card transactions.
(3) "Having accurate billing addresses allows LastPass and the payment card processors to better protect your payment information, and
(4) "this information is separate from the payment information you may have used for LastPass previously. "
Can you break it down a bit more? It sounds like some unknown actors ("processors") in the payment chain want more info in case a bad card is submitted, and is demanding additional info from everyone.