I seem to remember hearing about the idea of one-time credit card numbers years ago (ah, here’s an article about AmEx doing this five years ago), but haven’t heard a whole lot lately. This seems like something that merits more discussion, because in the end it should be a fairly standard feature for most, if not all, credit cards. I was talking with someone at work about this and we came up with a couple of different ideas and issues that could eventually come out of the one-time credit card number idea.
First on the list is the length of credit card numbers. If this idea is going to really take off, then the size of the number probably needs to increase. This led to the idea of assigning a “person” and credit card number prefix (perhaps the first half of the number?) and then using the rest of the number for the one-timeness functionality. This could lead to using alphanumeric strings for credit cards instead of just numbers. I think you get the idea, if we make the space big enough there are a lot of possibilities.
These brings us to the next thought, why limit this to simply a one-time number (or string)? If I’m going on a three day trip to Disneyland it might be nice to have a single credit card number that I would only use on that trip. So I have a number (or string) generated and would be able to associate that number in Quicken or MS Money for my Disneyland trip. This could be done by requesting a number that would only be valid between a certain date and time range and optionally for a maximum number of transactions. This concept could also apply for online purchases by requesting a number that is good for only one transaction and for the next 15 minutes. If this was the only type of credit card you used it would make the traditional expiration date meaningless.
The Disneyland trip example runs into another snag though, in most cases you’d need to swipe card through a reader for transactions. So now we need a way to easily program these generated numbers in cards. If we wanted start based off of the current limitations, these programmable cards would have to the same form factor as the current cards, with a magnetic strip that is readable by todays systems. This is because not all transactions just swipe the card, think about those gas station systems that pull the whole card in. One way this could be done is to have disposable credit cards that could be easily programmed with your generated number. They would be available like phone cards, at pretty much every AM/PM or truck stop.
There are still other issues that would have to get sorted out, like would an average person be able to easily use the device to program these cards? Do the credit card companies really work fast enough for time based limits like 15 minutes to really work? Would we be able to successfully overhaul the credit card networks to make use of new technologies, such as alphanumeric strings and personal prefixes instead of numbers? Is it likely that we’ll ever be able to widely deploy new types of credit card systems in a decade or are we stuck with what we’ve got?
5 replies on “What Ever Happened To One-Time Credit Card Numbers?”
According to this July 2004 article from Bank Technology News , AmEx dropped its Private Payments program in April 2004, but 3 card issuers (Citibank, Discover, and MBNA) were still using “controlled payment numbers” aka “virtual account numbers.”
My previous comment should have concluded with the following URL to the referenced article:
http://www.banktechnews.com/article.html?id=200407019QJ08C3A
In today’s news, “Ireland gets world’s first disposable ‘credit card'”:
http://news.yahoo.com/s/nm/20050830/wr_nm/ireland_creditcard_dc_1&printer=1
Security is the big problem the credit card companies are grappling with. There is such a huge amount of their yearly budgets fighting credit card fraud, lost and stolen credit cards, and of course identity theft.
Trying to find money, time, and resources to completely overhaul their technologies is a real challenge going forward. (I know….I used to work for Amex)
Betty
Yeah on the security,
I just receive a snail mail telling me that the company had a security breach, somebody had breached/hacked into the data bases and my credit card info was one of the ones that got snatched.
It was a few days before I was notified, but as soon as I found out, I cancelled and had them re-issue me a new CC.
Gabby
I used the PayPal Virtual Card when it was launched and had my only problem in over 10+ using PayPal. Of couse, it was an unauthorized transaction that took me MONTHS to get straight, although I called and emailed them several times within an hour of the original transaction fraud.
I think there are problems with it being secure. I definitely feel it’s harder for them to control hacks or what have you than if you have to use a real card, so I figure that’s why so many of these one time use cards have disappeared. You get them because you want it to be more secure, just to find out that it is actually much less secure.