The Case of the 200,000 Missing Subscribers
The call came in on a Tuesday, and Tuesdays are never good news in this business.
A subscription outfit, three years old, cleaner than a Sunday collection plate. No compliance flags. No chargeback problems. The kind of client that makes you wonder why they need a detective at all.
Turned out they needed one because they'd just lost 200,000 customers in a filing cabinet they didn't know they'd rented.
How to Misplace 200,000 Subscribers
They'd decided to switch payment processors. Nothing dramatic about it. The old one was getting greedy on fees, the new one was cheaper, and somebody in finance ran the numbers and said, "Do it." Engineering did what they always do. Exported the file. Mapped the fields. Cut over on a Saturday night when nobody was watching.
The migration screen turned green. Somebody bought donuts and someone else found the Dixie cups and filled them up. Everybody went home happy.
Three days later a support agent read something on her screen that made her stomach drop. TOKEN NOT FOUND. She figured it was a glitch and comped the customer a month, the way you'd wave off a fender bender and figure the paperwork to get your DeSoto fixed could wait. By Friday the glitch had friends. By the following Tuesday, finance had a spreadsheet with 200,000 rows and the same three words stamped across every one of them.
That's when I got the call.
Token migration gone wrong
I asked to see the export file. Didn't take long to find the rot. The old processor hadn't handed over payment credentials. They'd handed over a phone book full of numbers that only rang inside their own building. Take that phone book anywhere else and dial one of those numbers, and nobody picks up. No card. No customer. Nothing but a string of digits pretending to mean something.
The client had one move left, and it was the kind nobody wants to make. Send an email to 200,000 people and ask them to type their card number in again, like starting a relationship over from the first date.
To their credit, they did it clean. No countdown clock. No red banner screaming ACT NOW. Just a straight ask: update your card, keep your subscription. Honest work in a business that doesn't always reward honesty.
PYMNTS Intelligence has research suggesting a card decline pushes 27% of subscribers to cancel or walk straight into a competitor's arms instead of fixing the problem. Run that math against 200,000 people and you get a number that makes a CFO reach for something stronger than coffee. Heck, I'll join 'em.
It gets scarier from there. Despite their best intentions, their honesty, their moxie, what happened next was going to happen whether or not they were thinking they lived in a world that plays fair (hint: it doesn't). Send 200,000 people an email asking for their card number, and you've just trained 200,000 people to do exactly that the next time somebody asks, no matter who's really asking. Three weeks later, a second email hit the same inboxes. Same subject line. Same logo. Same request. Somebody out there had been reading the mail.
Talk about a shakedown dressed up in its best Sunday suit.
Who's Really Holding the Cards?
I went back to the old processor and asked the only question that mattered. Who owns these tokens?
Took them two paragraphs to say "It's complicated." That's usually the tell. When the truth is simple and the answer isn't, somebody's protecting something.
A gateway token is a house key cut by one locksmith for one door. Take it to a different door and it won't turn, because it was never built to. Hand that key to a new processor and you've handed over a shape with nothing behind it. That's exactly what happened here.
Network tokens play it straighter. Visa and Mastercard and the rest cut their own keys, and those keys work no matter who's standing at the door, because the network holds the master, not the gateway.
Then there's the PAR. Payment account reference. Tied to the card itself, not to any processor's filing system. A card can pass through five different vaults over the years and the PAR stays the same, just sitting there like a G-man outside a speakeasy, like it's seen this whole racket before.
None of that has a thing to do with security. A company can pass every PCI audit the industry can throw at it and still not own a single card number sitting in its own database. Compliance answers one question: is the data locked up safe. Ownership answers a meaner one: can you take it with you when you walk.
Before the Moving Truck Shows Up
A few things worth knowing before a migration lands on somebody's desk, not after.
- Get the current processor to say, in writing, whether the tokens travel or stay put.
- Price out a full re-entry campaign in cold dollars, support hours and expected churn both, before you need the number for real.
- Find out if the stack can move to network tokens or a PAR, and what that costs.
- Put processor risk on the same list as fraud and chargebacks. Don't let it hide on an engineering roadmap nobody reads twice a year.
The client got most of the revenue back inside two quarters. Cost them a support team working nights, and a customer list that came back a size smaller than it left.
I've worked enough of these to know how they end before I open the file. The company that gets burned isn't the careless one. It's the honest one, the one that figured doing everything right meant they owned what they'd built. They didn't. Nobody does, not until they've asked the right question at the right processor and gotten it answered in writing. Ask early. The alternative is finding out live, in front of 200,000 customers.

About Spreedly
Spreedly's Payments Orchestration platform enables and optimizes digital transactions with the world's most complete payment services marketplace. Built on Spreedly's PCI-compliant architecture, our Advanced Vault solution combines a modern feature-set with rule-based configurations to optimize the vaulting experience for all stored payment methods. Global enterprises and hyper-growth companies grow their digital business faster by relying on our payments platform. Hundreds of customers worldwide secure card data in our PCI-compliant vault and use tokenized card data to enable and optimize over $45 billion of annual transaction volumes with any payment service. Spreedly is headquartered in downtown Durham, NC.

About the Author
Nick Daley is Group Project Manager at Spreedly, where he works on gateway strategy, vendor neutrality, and payment orchestration. He writes about payment architecture and helping organizations build systems that support growth, choice, and control. No trench coat, no badge, just a habit of noticing when a vault doesn't belong to the merchant standing in front of it