One-Time Credit Card Numbers for More Security

By TFB

The sixth largest payment processor in the country Heartland Payment Systems disclosed recently their system was compromised by hackers with a piece of data sniffing software watching credit card data pass by between Heartland and credit card networks. That system processes 100 million transactions a month. This had gone on for months until Visa and MasterCard alerted Heartland about unusual patterns of fraudulent activities. The Wall Street Journal quoted a credit card industry analyst as saying this could be largest credit card data breach ever.

While credit card companies typically reimburse customers against unauthorized charges, having your credit card number stolen is still a hassle. You have to get a new card number, update your recurring charges, and change your bill payment set up. It’ll be best if your card data aren’t stolen in the first place. If you have the right card, you can make your credit card number more secure by using one-time card numbers.

You need a card by Citibank or Bank of America (including its subsidiary FIA Card Services). These banks offer software that generates a one-time card number, officially known as a “controlled payment number.” You can configure the expiration date and the maximum amount allowed for the one-time card. Once used, the card is tied to the merchant where it was used. If you gave the card number to XYZ.com online or your dentist’s office over the phone, only XYZ.com or your dentist’s office can use it. If you put the maximum at $50, they can only charge up to $50. If the card number is stolen, the thief can’t use it elsewhere. They don’t have your real card number.

The banks call this software by different names. Citibank calls it Virtual Account Number. Bank of America calls it ShopSafe. Under theĀ  hood, they are pretty much the same thing. The software is made by the same company: Orbiscom in Dublin, Ireland. Orbiscom is recently acquired by MasterCard for $100 million.

I have used the Orbiscom software for one-time credit card numbers for a few years. It works well. I use it for online, mail, and phone orders. These days you never know who’s going to lose your data once you give your credit card number out. With the one-time card numbers, you gain a little bit peace of mind.

This is not an infomercial. I’m not involved with any of these companies other than being a customer.

Software picked, likely related posts:

Posted on January 29, 2009 under Banking and Credit Cards, Spending. Keywords: .

Leave a comment

Comments

11 Comments on One-Time Credit Card Numbers for More Security

  1. Ulysses on January 29, 2009
     

    The Citibank version is useful, but continues to not be friendly to Mac users. The software is Windows only, and if you’re on a Mac, you’re forced to deal with the alternative – a tiny flash pop-up window that keeps resizing itself when you login and generate a new card number.

  2. James on January 29, 2009
     

    Having credit cards stolen is more than just hassle as tfb detailed above. The credit card numbers then sold to shady businesses who continued to hassle us for not pay up and then threaten with collection agencies.
    Having been there, we totally endorse the one-time use numbers. It takes longer to complete an online purchase but then again that may not be a bad thing. No impulse purchase there. Although one-time use is a bit of misnomer. The numbers can be used again and again with the same vendor but useless with a different vendor.

  3. Ed Averill on September 26, 2010
     

    I looked into using the B of A ShopSafe card and found it does not produce one-time safety. Once a number is created with a maximum transaction amount it gets tied to the first vendor that uses it (presumably the one you gave it to), but nothing prevents that vendor from submitting an indefinite number of transactions for amounts below the amount you specify as the maximum amount. At least that is what the on-line-chat support person told me. So, there is a little bit of safety in the number, but not as much as one would want.

  4. Ed Averill on September 26, 2010
     

    To add to what I said above, I would say that “one-time” is what I want but not what they provide. The descriptor “virtual account” better describes what they provide.

    In addition, I could say that the access to Shop Safe, while a bit buried in the menus, was working for me on a Google Chrome browser under Linux with no problem. (Well, the demo button didn’t work, but the real thing did.) It was obviously java-dependent, but most browsers on most operating systems provide that these days.

  5. TFB on September 26, 2010
     

    Ed – The max amount is cumulative. Although the first vendor can submit multiple charges against the virtual card, the sum of those charges can’t exceed the maximum you set. I have had this happen multiple times with different vendors. When I used the same virtual card number at the same vendor but I forgot to up the maximum, the authorization was declined. Not true “one-time” but the maximum you set can make it effectively one-time.

  6. Bengal on September 28, 2010
     

    I asked Capital One but they didn’t have anything that is One-time or virtual or disposable. Could you please help me TFB? I’d like to buy this acai berry product and Paypal is no longer offering the plugin. I tried searching in Paypal for that “secure card” but nothing came up under help. I guess they’re discontinuing that in order to advertise their own Paypal credit card that comes with their own protection guaranteed. Or should I reach out to Visa/Mastercard websites to find this option?

  7. TFB on September 28, 2010
     

    Bengal – In the United States, only Citi, Bank of America, and Discover offer this service. If you don’t have a card from these three banks, you can’t use it.

  8. Jack on October 6, 2010
     

    Am I correct in thinking the Discover virtual credit card doesn’t allow you to set it for “only one use” with a particular merchant?

    And does the Bank of America Shopsafe allow you to set when the virtual credit card expires? I read on their website:

    “Secure account numbers always expire on the same date as your actual Discover Card account number.”

  9. TFB on October 6, 2010
     

    Jack – Never used the Discover version. Bank of America’s ShopSafe lets you set both the dollar maximum and the expiration month and year. You choose from 2 months to 12 months from today.

  10. Melvin on October 10, 2010
     

    Just curious if anyone knew if these would work with a debit card or whether you have to have a credit card. Thanks.

  11. Jack on October 10, 2010
     

    I believe you do need a credit card – at least for Bank of America and Citibank and Discover.

Tell me what you're thinking, but please don't spam. See comments moderation policy.