Customer FAQs

If you can’t find the answer in our FAQ, you can always contact us.


It’s useful to be able to update your credit card details, and you’ll always need to do so in these circumstances:

  • You get a new credit card (for example, the old one was lost or stolen)
  • Your credit card expired, your new card has the same card number but a new CVV and / or expiry date
  • Re-adding your credit card details will trigger us to attempt to charge you again
    • Credit card over-limit for several days in a row when we’re due to charge you (we try for three days in a row, then “freeze” your account)
    • Your bank denies our charge several times in a row, you let them know it’s ok

It’s easy to re-add or update your credit card details in

Log in to GMB account admin

Head over to our Account Lookup page (that link opens in a new tab).

cards.gmb simple login form

ABOVE: Log in with the same (1) username and (2) password you use for the site you bought access to. Check the box (3) to declare you’re not a robot.

Prove you’re a human

Somtimes, hackers make robots to try to log in to our site and steal data.

To keep your details safe from these attackers, you may be asked to prove you’re not a robot, with a simple challenge like this:


ABOVE: In this example, the challenge is to identify all images that show roads (each challenge is different). Click on (1) the images of roads (only one in this example), and click (2) Verify.

Select account

If you have multiple accounts with, you’ll be able to select the relevant account (if you only have one account, you will not see this page).

ABOVE: This user has multiple accounts with GMB, for different websites, so they are prompted to select the account for the website they want to update the card for.

If the card needs to be updated for multiple sites, the procees below needs to be repeated for each site.

Update credit card details

The secure account details, page opens.

Switch to the Billing panel on the left, and click the green “Edit” or “Add” button.

ABOVE: In this example, the user can click the green “Edit” button to edit their existing credit card detials.


ABOVE: In this example, the user has no credit card on file with GMB. They’d click the “Add” button to add a credit card.

Enter the new credit card details (if you have the same credit card details, and you’re doing this to re-enable billing after failure, or to verify you own the account, using the same credit card details is fine).

ABOVE: The user is prompted to enter credit card details. This example user has been a customer for a few years and has several credit cards on file. They could choose one of the existing cards on file (that are unexpired), or enter new card detials here.

Click “Pay” (if a billing is not actually due yet, you will not be charged at this time).

What happens next?

Our system will record the new information.

Updating details for a PPS security check

If you’re updating card details for a PPS security check, switch back to the site you’re buying scenes on, and repeat the top-up process. You’ll be asked a security question again – you have two attempts, and if you fail, you’ll have to come back to GMB and update your card again!

Updating CC details so a rebill can occur

If a rebill is currently due on this account, as soon as you submit the new CC details, we’ll try to bill your card again immediately. If it’s successful, you see the new charge on the Transactions panel. Your access is restored to the site – enjoy!

If the rebill fails again, you’ll need to contact us so we can look into it further (but you could also try adding a different card), or contact your bank and ask them why they are not letting us charge your card.

Updating CC details for a future rebill

If you’re not currently due for a rebill, when the rebill due date does comes around, we’ll simply use the new card details for subsequent charges.

We provide billing services for a range of subscription and product websites on the internet. If you are not sure which website you joined, you can contact us by entering some information on a web form, and we can tell you the details of your subscription.

If you are unable to locate any more details, please use our contact page, and we’ll get back to you in under 24 hours.

When you buy from one of our business partners, our website address will show on your credit card statement. From there, you can look up an account to get more details.

“Rebill” means that at the end of the period you have paid for, you will be automatically charged again for the next period.

This is so you can enjoy continued access, without having to re-subscribe every month. If you don’t like this idea, most of our clients (the website you are subscribing to) have a few other options – look for “no-rebill” subscriptions.

An example of rebilling is:

  1. You join on March 17th, for $12, for 31 days access.
  2. On April 17th, you are rebilled another $12.
  3. On May 17th, another $12, and so on.

At any stage, if you want to cancel these rebills, you can. You’ll have access up until the next rebill date, but you won’t be rebilled – your account will be closed on the last day.

To stop your account from rebilling (sometimes referred to as “recurring” billing; see below for further explanation) or to check your account’s status, you need to go to our Account Lookup page.

You will need to log in with the same username and password as you use to access the site you paid for access to.

This info is in the email we sent you when we first joined – consider doing an email search for messages from “”.

When you enter that info on the account info page, you will be able to:

  • Cancel any future rebills
  • Update your credit card information
  • Check the status of your account
  • Change your password if you have forgotten it
  • See when you are due to be rebilled
  • Change your listed email address
  • Upgrade your account to a higher access level (if the site you have subscribed to has this option)

Note: You must cancel at least two days before the rebill date to avoid being charged again.

Note that this page is for customers who joined the client site by If you joined by CCBill, you’ll need to contact CCBill directly to ask them to delete your account details. Check your credit card statement to see who is billing you. allows the permanent erasure of personal details from a SubID basis in the following circumstances:

  • Last billing was 12 or more months in the past
  • Accounts is set “inactive” in our system

Typically, accounts with no billing in the last 12 months are set to “inactive” anyway.

Note that account personal data 7 years old is erased automatically by our system on its 7th year anniversary, if the account is inactive and does not have a charge in the last 12 months (which is typically the case).

Pay Per Scene accounts cannot be self-deleted – contact Customer Support with your request, and it will be addressed promptly.

What will be erased?

When an account’s personal data erasure is initiated, the following data is deleted from the account details held at GMBill for that SubID:

  • First name
  • Surname
  • Email address
  • Address info
  • Username
  • Password
  • Credit card details

Once an account has had personal information deleted, it’s not possible for Customer Support to assist you in administering this account any more. Discount rejoins cannot be offered.

How do I erase my personal details from my account?

Log in to GMBill, using your username and password (the same one you use for logging in to the site you paid for). If you have multiple SubID’s with us for the same username and password (for example, a subscription to several different sites, or several subscriptions over time to the same site), you’ll be asked to select a SubID to proceed.

On the logged in page, if this account is able to have personal data erased, the “Erase your data” panel will be shown on the Your Account tab.

ABOVE: The “Erase your data” panel

Simply click the red “Delete Personal data for SubID 123456” button, confirm you are certain – this cannot be un-done! – and the personal data will be erased. You will be logged out of GMBill.

If you have other SubID’s with data you want to delete, log in and repeat the process for each SubID.

ABOVE: This user is not able to erase their personal details yet, as it has not been 12 months since the last change or, the account is still active.

No, we do not support these cards, sorry. We only process Mastercard and VISA cards. BV implement best practices in security standards.

The biggest risk is a customer selecting an insecure password – we require reasonably secure passwords when joining, but they can still be cracked. We always recommend long, complicated passwords with lower and uppercase letters, numbers, punctuation, and other special characters.

Some example secure passwords (do not use these!):


Of course, these are impossible to remember, so we also recommend the use of Password Managers, such as LastPass (a browser plugin) or KeePass (an application on your computer). These make password management easy (you only have to remember one master password), and help you make all your internet accesses secure. They’re free for personal use.

Security steps we take on

We use HTTPS for all pages on (secure hypertext transfer protocol), a well-established method of ensuring communications are encrypted. This prevents eavesdropping and tampering with information between us and you.

When we receive information you provide, we use 256 bit encryption of your information from when you enter it, to where it is stored in our database.

Access to our administration areas (for example, to administer users) is password protected, plus a custom SSL certificate is required.

Our Systems Administrator works to keep our servers up to date, using the latest most-stable versions of software (for example, Linux, Apache, PHP, MySQL, Memcached), and we use an inherently stable platform of Amazon Web Services (“AWS”).

Credit card details are securely stored in a digital “vault” held by a third party PCI-DSS certified specialist. does not store your full card number but instead uses a token to communicate to the vault when charges are made against your card.

As you join, or look up your account info on, you’ll see a small padlock icon in the address bar of your web browser. Double click on that for additional security information.

gmb secure

ABOVE: GMB site screen capture, showing security certificate. Click for full size image.

You might also want to read our Privacy Policy.

When users look up their account, two cookies are set.

PHPSESSID allow a user to stay logged in without needing to resubmit their username and password for each page visited (it doesn’t contain any personal info, just a random key). This cookie expires when the user closes the browser.

jwt identifies the logged in user, and is used to send API requests to other GMB microservices. It’s valid for 24 hours then expires, and does not contain personal info.

Argh! Sorry about that. 😖 partners with European Union merchant banks who are generally reliable, stable, robust and secure.

When GMB receives an instruction from you to bill your card, our merchant bank – called the Acquiring bank – contacts your bank (who issued your credit card) – called the Issuing bank – and asks for their permission to make the charge.

Your bank chooses to approve or deny our request. Typically they approve… but sometimes they don’t. Usually, they provide a reason for the decline (though it can be vague).

Sometimes, our bank stops the transaction (usually because it suspects the transaction is fraudulent, as it matches a pattern usually associated with fraudulent behaviour). We can usually fix that.

When you log in to Account Lookup, we show failed transactions on the Transactions tab, along with the reason your bank provided to us. This page explains what those reasons mean, and suggests actions to take.

Known reasons for customer banks not letting us charge a credit card

“Issuer declined”

The “Issuer” is your bank. They declined our attempt to charge your card. It might work again tomorrow, but most likely, you’ll need to contact you bank to resolve this (see below).

Your bank may deny our request to charge your card if they perceive the risk to be too high. Every bank sets their own risk levels that are largely inscrutable.

Invalid expiry date

When your credit card expires, most Issuing banks make a new credit card with the same sixteen-digit card number, but a changed expiry date. If you got a new card and did not update the expiry date with us, you’ll need to let is know before we can charge your card.

Here’s how to update your card details with us. Only takes a moment. 😌

Insufficient funds

All credit cards have a credit limit, the maximum amount of money your bank is willing to loan to you via this card. If you instruct us to charge your card and it’s over that limit (or, our transaction would put your card over that limit), a “Not sufficient funds” message is shown.

You’ll need to pay-down your credit card, then tell us to charge your card again (or, add a different credit card in GMB).

Invalid card number

When we tried to charge your card, your bank said the card number you provided us was not valid. Maybe they issued you a replacement card? You’ll need to contact your bank to discuss this (or, add a different credit card in GMB).

Transaction not permitted on card

When we tried to charge your card, your bank said the transaction was not permitted. There’s nothing we can do about this, so please contact your bank to ask for assistance.

Suspected fraud

We tried to bill your credit card, but your bank thought our transaction looked like fraud. Some banks are very sensitive to this, and becasue our merchant bank is in Europe, that can cause some banks to be “extra sensitive” becasue it’s different to your usual spending (even if previous transactions with us have worked fine).

Follow the process described below to contact your bank and let them know it’s all good, then let us know so we can attempt to charge your card again.

Do not honour

We tried to charge your card, but your bank said the card should not be honoured – that is, there’s a problem with it (perhaps they think it has been stolen). You can add a different credit card in GMB, or follow the process described below to contact your bank and let them know it’s all good, then let us know so we can attempt to charge your card again.

Exceeds Frequency Limit

Your bank requires you to manually approve a transaction we’re attempting to make (probably on your smart phone).

See our FAQ on Exceeds Frequency Limit.

Known reasons for our bank not letting a charge go through

Exceeds max amount per card per month

Sometimes, our merchant bank limit how much you can charge by your card in a given month (if there are a lot of transactions, it can look like someone stole your card and is going on a shopping spree).

Let us know if you see this error, and we can likely get the limit raised for you.

Contacting your bank (“Issuer”) to resolve an issue

If we report that your credit card issuer (that is, your bank) is not allowing us to charge your card, it’s worth contacting your credit card company by phone. They can make changes on their end to allow charges from our bank.

Use the phone number on the back of the credit card, and ask to allow charges from – they should be able to look at recent attempts to charge your card, and see the line items from they rejected. They will also be able to see the reason for rejection (usually, some sort of over-sensitive fraud protection).

Let the operator know the charge from is all good, and – if you wish – to allow charges from GMB in the future (or you might have to call them up again!).

Banks are unlikely to ask what the charge is for, but if they do, you might wish to say it’s simply for “digital goods”. 🤫

Typically, this involves short on-hold times (if at all), and just a few minutes of talking on the phone, so it’s worth a try!

Any changes they make will only apply from then on, so you need to attempt the transaction again (or ask us to).

Can’t get it to work? Let us know.

We want to help you enjoy what you’re trying to pay for, so let us know if you’re stuck. We’ll get back to you by the next business day (be sure to check your spam folder for our response).

Some sites GMB works with provide subscription options for customers (for example, to different areas of paid content). If you do not currently have access to all of these paid areas, you can choose to “upgrade” to gain access.

This is administered by GMBill’s Client (that is, not by us directly), so you’ll need to log in on their site to upgrade. They probably have a FAQ on this as well! can issue refunds, but only for billing errors (for example, if you were accidentally double-billed, which can happen occasionally). Contact us and let us know about the situation, we’ll respond promptly (be sure to check your spam folder for our response). is not able to issue refunds for other matters (for example, videos won’t play, not what you expected, unintended rebill, changed mind). These sorts of refunds are handled by the client site you purchased from – check their FAQ for details.

All of GMBill’s client sites have a published refund policy, and choosing to deviate from that is at their discretion.


We’re concerned about the security of our site for ourselves, our models, and our customers.

If you discover an exploit or vulnerability in or a related non-WordPress site, or one of our internal applications, we encourage you to let us know right away. We will investigate all reasonable reports, and do our best to quickly fix the problem.

Responsible Disclosure Policy

Taking a cue from Google and other large tech companies, we have a simple “Responsible Disclosure Policy”, which must be observed when reporting an exploit or vulnerability. If you follow these points, we won’t get our lawyers involved.

  • You give us reasonable time to investigate, before making your findings public
  • You do not use the exploit to take unauthorised information or media from us
  • You make reasonable efforts to ensure private information is not distributed
  • You do not exploit a vulnerability for any reason
  • You do not violate any laws in your jurisdiction


We may, at our discretion, pay Bounties (cash payments) to people who meet our Responsible Disclosure Policy. The amount of the Bounty will be determined by the size of the impact and the significance of the risk we assess the discovered issue to be. Small size and low risk may not be due a bounty at all. A more significant issue might see between US$500 and US$1500. Amounts are calculated at our discretion only.

If we receive multiple reports of the same issue, we assess on a “first in, best dressed” policy.

Taking a lead from Facebook, if you provide proof of donation of the bounty fee we pay you to a recognised charity, we will match that donation to that charity.

If you wish, we will publish your name on this page, as recognition of your efforts (However, to date, no one has wished for that. :()

Reporting a vulnerability

Email with the subject “Reporting a vulnerability”.

Customers in the EU may see the “Exceeds frequency limit” error message when we attempt a rebill.

It is up to your bank to decide what their tolerance is for allowing rebilling transactions like this. For example;

A bank may decide that every third rebill needs to be verified by the customer.

Another bank may decide that any transaction over the value of US$35 must be verified by the customer.

You can ask your bank to always authorise transactions from us, if you prefer.

This is part of Visa and Mastercard’s SCA (Strong Customer Authentication) program, created in an effort to reduce fraud. You may see this referred to as “3D Secure” or “Visa Secure” or similar at your bank.

Logging in to GMB Admin will allow you to trigger the rebill at a time that suits you, and complete the authentication step. You may need to take action in a smartphone app or online bank portal to approve the payment.

Once the charge has been made successfully, your access is reinstated from today’s date, and you will have access for the duration of the period your subscription is for. Time you did not have access to the website is not charged.