Disposable credit card numbers provide extra security – The Viewpoint
In an age when online credit card fraud seems to be inevitable, here’s a potential solution: Instead of trying to prevent card number theft on the web, just use numbers you don’t mind. ‘be stolen.
This is the talk of a startup specializing in offering virtual cards – credit or debit card numbers linked to real payment accounts but which can only be used at a single merchant or which expire as soon as possible. ‘they are used, limiting the potential damage if a hacker gets hold of them.
“It’s a way of blurring the lines,” said Boling Jiang, managing director of New York-based payments startup Pay With Privacy. “Scammers get these numbers, but they are useless.”
Jiang’s company and rival New York-based Token Payments offer free online services that let you pay with your existing checking, debit, or credit accounts. The Oakland Final start-up offers its own credit card. All three have similar features, designed to make users feel more secure when giving payment information to online merchants.
They allow users to generate an unlimited number of virtual cards, which act like regular credit or debit cards and come with expiration dates and three-digit security codes. But unlike regular cards, they can be set to expire after a single use or after a certain amount has been charged to them, or they can be locked out for a particular merchant.
If a fraudster steals the number you gave to one merchant and tries to use it at another, the transaction will be blocked.
Businesses don’t mind running out of card numbers. There are 10 quadrillion possible 16-digit numbers, and virtual card companies have the option to recycle numbers that are no longer in use.
By creating payment information that would be of limited benefit to thieves, businesses are mimicking other payment security measures and technologies, including smart cards.
When you swipe a credit or debit card at a store, the magnetic reader gives the merchant the 16-digit number printed on the front of the card. It is an attractive target for fraudsters who may try to use these numbers elsewhere if they hack into the retailer’s network. That was the concern when there was a data breach affecting some 40 million Target customers in 2013.
When you insert a smart card into cash readers, the merchant gets what is called a token, or a one-time use number that is useless in case of theft.
Tokens are also used in online and mobile payment systems, such as Apple Pay, Android Pay, Visa Checkout, and Mastercard’s Masterpass. PayPal also allows users to pay without providing their card or bank account information directly to merchants.
Yet virtual card startups see opportunities in e-commerce, as not all websites and mobile apps accept such payment systems, while nearly all still accept cards.
“A lot of people are still arguing over the checkout button,” said Andrew Dietrich, COO of Final, referring to payment options such as PayPal that appear on merchant payment screens. “But there is no standard of acceptance. What is still universally accepted are these 16-digit numbers. It works everywhere. “
These companies claim that they will help protect your online payment information.
Final, a credit card company, offers account holders a physical card and the ability to create locked or single-use virtual cards online or through a mobile app. The card is available to applicants with good to excellent credit.
Privacy is a free service that works with most current accounts. Unlike Final, users don’t need to apply or undergo a credit check. After users link chequing accounts to the service, they can create virtual card numbers through mobile apps or browser extensions.
Token is a free service that works with any bank account, debit card, or credit card. As with Privacy, there is no credit check. Users can create virtual cards through Token’s mobile application.
The idea of virtual cards is not new, as big banks and credit card companies have been offering them for years, although the offers have been little used or little known.
Discover used to offer virtual card numbers, but stopped this practice in 2014. Bank of America’s Shop Safe virtual card feature has been around for a decade, but the bank acknowledges the tool is not in use. only by a small number of customers. It only works through the bank’s website and is not integrated with its mobile app.
Venture-funded startups generate income by taking a portion of the payment processing fees that merchants pay to accept credit and debit cards. Final, unlike other companies, issues a credit card through a South Dakota bank, which also allows it to earn money on interest.
The startups are particularly aimed at young, predominantly mobile customers, presenting their products as suited to consumers who depend on subscription services like music, movies, food and clothing. And they have simple apps that work with just a few clicks.
With Final and Pay With Privacy, customers can create two types of virtual cards. For subscription services and online merchants where customers buy frequently, there are merchant locked cards. These cards, once used by a particular merchant, can only be used by that merchant.
Since each merchant has their own card, users can effectively cancel a subscription by closing a single virtual card. Dietrich of Final said that in many cases this is easier than trying to go through the merchant himself.
“You don’t have to think about it and go to their website and go through all the layers of customer service to cancel,” he said.
Final and Pay With Privacy also offer one-time cards, or “burners,” which expire after a single transaction, a feature that can be of interest when shopping on an unfamiliar website for the first time.
Token only offers one type of virtual card, but Zohar Steinberg, the chief executive of the company, said any of its cards can be quickly deactivated, making them convenient for recurring use or unique.
“You go into the app and go to a payment token, swipe right, and it’s frozen in 10 seconds,” he said.
Brian Riley, director of payments consultancy Mercator Advisory Group, said these new virtual cards appear designed to address consumer concerns about fraud, even though consumer protection laws effectively protect consumers from the consequences of card number theft.
“It’s capitalizing on people’s fear,” Riley said. “But the important thing to remember is that at the end of the day, consumers already have no responsibility behind them.”
Federal rules and credit card network policies protect consumers from liability for fraudulent transactions, limiting their liability to a maximum of $ 50 if they report their physical card as lost or stolen, and there is no liability if card numbers are stolen online.
But the new virtual card companies say consumer protection is only half the problem. Their argument is that consumers should not only have any financial responsibility for fraud, but also shouldn’t have to deal with the hassle of reporting fraud, getting a new credit card, or getting a new credit card. edit payment information with many merchants.
© 2017 Los Angeles Times
Visit the Los Angeles Times at www.latimes.com
Distributed by Tribune Content Agency, LLC.