It is not quite uncommon as you think. Almost all international time based subscription services across the internet work like this. Since each one of them is able to leverage this (which is okay in my opinion), we need to do more research about how this works, namely how additional factor authentication can be (is) legally bypassed (which is the use case, as I’ve already said, for most time based subscription services)