from the you-pay-your-money-you-take-your-chances dept.
From MasterCard Launches Online V-Card for X-Border Shopping:
KB Kookmin Card, in partnership with MasterCard, will introduce a virtual credit card that will allow overseas customers easy access to retail sites such as Amazon.com. The “SecurePay” protects users from personal information theft.
By issuing a virtual credit card number, users essentially get a one use number that would be useless to thieves. The service will be provided free of charge to all KB MasterCard users, including the users of the KB MasterCard debit card.
KB Kookmin is a South Korean bank, and I live in the US, so this isn't very useful to me. I seem to remember something about this feature or something very similar being available in the US (I think from Bank of America) but I haven't heard anything about it. Does anyone know of a bank that provides this type of services that issues cards in the US?
[Editor's addition]
What are the downsides to using a virtual credit card? Have you actually used one? What was your experience? Have you tried any pre-paid credit cards? Also, as we have an international community, comments on your experiences elsewhere are appreciated, too.
[Edit: Added link which was accidentally removed from original submission.]
(Score: 0) by Anonymous Coward on Sunday October 05 2014, @04:37PM
Is this different from one-time use, temporary numbers with amount and time restriction?
(Score: 2) by davester666 on Sunday October 05 2014, @05:51PM
No.. I believe this amounts to "welcome to 10 years ago" [at least for some card companies]
(Score: 2) by Bot on Sunday October 05 2014, @04:43PM
I have been using virtual credit Cards since 2007 I guess, bank of S.Paolo group Italy.
Initially some site did not recognize it but it went well after. They probably took into account that some sites make a small transaction to test the card and then refund. Saved me a headache when one web host tried double billing me.
Of course, for recurring payment, you have to update it every time. Or you generate some card which lasts for 1 year but then it is a regular debit card.
You have to connect as securely as possible to the bank when having one issued, but then you have to do that for all home banking ops.
Account abandoned.
(Score: 3, Informative) by VLM on Sunday October 05 2014, @05:14PM
"Have you tried any pre-paid credit cards?"
Yes, stereotypical way for teens to shop online. So my kids buy them with cash or get me to buy them for their use, etc.
AFAIK they "just work". It is microscopically more convenient to get a amazon GC if you want stuff they sell, or steam or itunes or whatever so they don't get the generic prepay CC very often, but it sometimes happens.
I would imagine it really confuses business models oriented around "you can prove you're 18 or over by using a credit card". You know, like Google. Perhaps there is an API hook in the CC payment network to tell if a CC is "real" or prepay.
(Score: 5, Insightful) by Justin Case on Sunday October 05 2014, @05:15PM
I am fed up with giving anyone my account number. Credit card, checking, whatever... the financial system, in the USA at least, seems to be that if someone can guess or steal a number they can have all the money in that account. Stupid when it was designed, absolutely intolerable in the present reality. And no, I'm not mollified by assurances that my losses will be limited or I can open a fraud case. They won't reimburse my time or side effects like overdraft fees and why the hell should I have to fucking bother in the first place? I didn't authorize that transaction! Nobody stole my identity. They fooled you into giving them some of your money!
I want to authorize transactions not accounts. When I'm setting up the transaction, I should be able to put limits on the date range, money amount, and even merchant who can receive the funds. Once the transaction is done it should be possible to publish all the details on a billboard and no chance of fraud -- because the transaction already happened and can't be repeated.
I've looked at baby steps in this direction a few times but they often come with ridiculously high fees or other conditions. Or the bank does something stupid like saying you have to install this Windows .exe to use our service.
Does anyone know of a nice clean transaction-based system? Available in the US would be best, but I'm also interested in what's being done in countries that aren't so backward and technologically illiterate.
(Score: 0) by Anonymous Coward on Sunday October 05 2014, @06:36PM
When I'm setting up the transaction, I should be able to put limits on the date range, money amount, and even merchant who can receive the funds. Once the transaction is done it should be possible to publish all the details on a billboard and no chance of fraud -- because the transaction already happened and can't be repeated.
That is almost exactly how boa's shopsafe works. First merchant to charge the disposable number is the only merchant who can ever charge it, you specify an expiration date and a maximum limit at the time of creation. I regularly email shopsafe disposable numbers in the clear because I figure the window between when I send it and the merchant authorizes it is too small for a thief to sneak in and charge it first.
You don't need a windows .exe for shopsafe, but you do need flash in your browser (I run linux) - until this past summer I had a bookmark that let me load the flash app directly, but they got stupid and now I have to log into the website and then bring up the flash app from within that session.
Also, it looks like Abine has something similar, [abine.com] maybe even better, they seem to say that they not only use virtual numbers, but let you present a fake name to the merchant as well. I don't have the full details, if anyone does, I'd really like to hear them. I'm a gunshy of how they screwed up their start-up/acquisition of the Taco add-on. [theregister.co.uk] It really gave them a bad association in my head.
(Score: 0) by Anonymous Coward on Sunday October 05 2014, @10:49PM
Citi also does that. The features are identical (up to requiring Flash), so it might even be the exact same system. I use it for most of my online purchases (the association with a merchant makes it not work for Amazon purchases that mix Amazon Marketplace and normal Amazon items because they appear as different merchants on the credit card bill).
(Score: 2) by mtrycz on Sunday October 05 2014, @09:02PM
Have you already tried bitcoin? It's as convenient as a debit card.
The price fluctuations are quite big now, but maybe they'll settle in the future.
In capitalist America, ads view YOU!
(Score: 0) by Anonymous Coward on Sunday October 05 2014, @09:16PM
> Have you already tried bitcoin? It's as convenient as a debit card.
Overstatement of the year.
(Score: 0) by Anonymous Coward on Sunday October 05 2014, @11:45PM
I'm looking forward to that bubble bursting.
(Score: 2) by bradley13 on Monday October 06 2014, @06:17AM
I'd mod you up, but you can't get +6 Insightful. This is exactly the problem with (a) the US banking system and (b) credit cards, which stem from the US banking system. When I was in the US, winding down my mother's affairs, I was totally shocked: I would call up a company to ask for a final bill. They would ask me to just the numbers off a check over the phone, so that they could debit it. Wow. I'm some random voice on a telephone, maybe got hold of an unused check, and they can charge a bank account when I read them the numbers off the check?! What utterly laughable security.
The credit cards and the Internet have taken this to new heights of absurdity, and their "solution" is to invent the CVC code. Apparently that didn't work so well either, so a couple of weeks ago I was informed that I am required to install their special app on my phone. Which I haven't done, because...it's fascinating how an app that generates simple authentication codes needs access to so much personal information... :-/
Why hasn't some new payment system with genuine security long since taken over the Internet? Too much resistance from the MC/Visa monopoly. They aren't actually competitors - all big banks are involved in both - and they sure don't want to allow any upstart to get a foothold...
Everyone is somebody else's weirdo.
(Score: 3, Interesting) by PizzaRollPlinkett on Sunday October 05 2014, @05:24PM
This story reminds me of a CC I had which I didn't use much, just for a few online purchases at well-known, not-dodgy stores where there were no known security breaches. This was several years ago, long before the high-profile data breaches. The profile for the CC number was as low as possible for it to still be active and usable. And one day, the card started getting random fraud charges out of the blue. I had not used the card too recently, maybe within the past month. There was no way I could have done anything to expose the number. The issuing bank just deleted the charges, and gave me a new CC number. I never heard anything about what had happened. That taught me that there's basically no way to keep a CC number safe. I wondered if the bank itself had been compromised, since they were totally silent about what happened. So protecting the number did me no good at all. Despite everything I did, somehow this CC number got leaked into the wild. In some way beyond my control.
(E-mail me if you want a pizza roll!)
(Score: 2, Informative) by Whoever on Sunday October 05 2014, @06:29PM
I used to find that, about once a year, there would be charges (or Citibank's fraud detection would notify me about charges) for flights in the Caribbean. The charges would be for $1k to $3k.
I became suspicious of a gas station, and since stopping buying gas there, the problem has not occurred. The pumps at Chevron stations are not as secure against skimmers as some other gas stations.
(Score: 2) by dry on Monday October 06 2014, @06:17AM
My understanding (at least up till a year or 2 ago) is that almost no service station pumps are secure. Only a couple of keys to open most pumps. Drive up to the pump in a van, open pump and add skimmer. Park nearby and download.
Even hear stories of grocery store etc card readers, the ones on a cord, getting swapped with a malicious reader and then swapped back at the end of the day. Just takes a couple of people and an easily distracted cashier.
(Score: 1) by Whoever on Monday October 06 2014, @01:47PM
If you look at Chevron's pumps (the ones near me), in order to refill the paper roll, you open a panel which also gives access to the card reader and electronics.
Some other gas stations have newer pumps in which the paper roll replacement does not give access to the card reader and associated electronics. Thus, there are fewer keys to this part of the pump in circulation. Is it 100%secure? No. Is it more secure? Yes.
(Score: 0) by Anonymous Coward on Sunday October 05 2014, @08:30PM
> Despite everything I did, somehow this CC number got leaked into the wild. In some way beyond my control.
They probably guessed it.
A standard CC number REALLY only has 8 to 11-digits.
http://www.creditcards.com/credit-card-news/credit-card-appearance-1268.php [creditcards.com]
The first 7-digits is a prefix that identifies the card.
The last digit is the LHUN formula check digit.
http://en.wikipedia.org/wiki/Luhn_algorithm [wikipedia.org]
Crackers/scamsters randomly/sequentially generate CC numbers that pass the LHUN formula then try to use them.
They work or they won't.
The thing is, they have to also allow for the expiration date and the security code(s) which add at least another 1.2 million possible combinations.
They 'keep trying' until they succeed because it doesn't cost THEM anything because they have millions of compromised computers under their control in vast 'botnets' spanning the Internet to do this sort of 'dirty work' for them.
The 'top shelf' crackers/scamsters either use sophisticated malware to 'skim' CC info from people using infected PCs/POS terminals/ATMs or outright (remotely) BREAK INTO computer systems where CC info is stored, steal it, then sell it to the 'suckers' in the 'underground' who 'card' them for usefulness then re-sell them to other 'suckers' for a profit.
http://en.wikipedia.org/wiki/Credit_card_fraud#Carding [wikipedia.org]
This is CC fraud in a nutshell. Frightening, isn't it?...
Nothing is really done unless there are MASSIVE breaches like the ones at TARGET, HOME DEPOT, and JP MORGAN.
It looks like the only way to stop monetary fraud is to either get rid of money altogether or institute swift, prompt capital punishment to guilty repeat offenders who CONTINUE to commit financial crime(s) OF ANY SORT--YOU ONLY GET ONE SECOND CHANCE!
(Score: 0) by Anonymous Coward on Sunday October 05 2014, @05:31PM
The rest of the civilised world has been using virtual cards for years, without any downside.
You're welcome.
Best regards.
(Score: 0) by Anonymous Coward on Sunday October 05 2014, @07:19PM
Dear 'rest of the world'
We have been too. I have used citibanks version of this for about 10 years now.
Your welcome too.
(Score: 2) by tangomargarine on Monday October 06 2014, @03:14PM
without any downside.
Funny how often I hear that. I remain unconvinced.
#mytimeisnotfree #jumpingthroughhoopsisfun #whatcouldpossiblygowrong #impossibletocrack
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 2) by ticho on Sunday October 05 2014, @05:45PM
I've been begging both of my banks to start offering this, but they always look at me as if I was proposing manned flight to Alpha Centauri (IOW, something crazy, way outside realms of possibility).
(Score: 2) by kaszz on Sunday October 05 2014, @06:01PM
Open bank account with attached CC to it in a country that support virtual cards. Then just transfer money as you need to that bank?
(Score: 0) by Anonymous Coward on Sunday October 05 2014, @06:19PM
The only reason I keep my Bank of America credit card is because they have the same thing - shopsafe. [bankofamerica.com] All other financial transactions are with small local banks, credit unions and mostly consist of cash. I've been using shopsafe for at least 15 years now -- all of my online purchases are with the disposable CC#s. I've never had a problem with them either, but there is a loophole. [slickdeals.net]
I've looked into prepaid debit cards, they seem to have an assload of fees associated with them - load fees, usage fees (on the order of $5/transaction). But they do have the benefit of being anonymous (up to about $500) but if you buy too many of them the store might call the cops on you - can't find the link now but there was a story of a reporter who decided to try living under the radar for a month, they wanted to buy a cradle on amazon as his wife was expecting, but getting the prepaid debit cards from CVS needed to make the purchase anonymously on amazon resulted in a the clerk at CVS calling the cops on them for unspecified suspicions of drug dealing or money laundering.
(Score: 1) by Whoever on Sunday October 05 2014, @06:33PM
Isn't S. Korea the country where all on-line banking required IE with ActiveX? I don't know if this is still the case, but I seem to recall reading that all on-line banking in that country used an ActiveX control for some kind of security check.
So, does this support other browsers?
(Score: 1) by Whoever on Sunday October 05 2014, @06:37PM
Citicards have supported this for years. They have a multi-platform Java app that will get you a one-time number. I have not used it in a long time because the benefit to me is so small.
In the USA, I am not responsible for fraudulent use of my credit cards, so why do I care? At most once per year, one phone call to get the charge removed, then a letter to confirm this (under penalty of perjury), vs. using the Java app. every time I use a credit card online?
(Score: 0) by Anonymous Coward on Sunday October 05 2014, @11:18PM
I use once and awhile. Usually I use the real deal on most 'big' websites. However some sites just look a bit sketchy. They may even deliver the goods. But who knows how their backend is setup. I use it on those.
I also like to use it on sites that want to 'auto subscribe' you to something. No I do not need your vitamins every week. I just wanted the other thing I came here to buy.
Its saved me from a few 'auto payment' fiascos and at least 2 breakins.
(Score: 2) by dry on Monday October 06 2014, @06:23AM
Fraud still drives all the prices up, the money has to come from somewhere and the easier it is for the fraudsters to succeed, the more prices have to go up to cover the fraud. Besides do you like the idea of enabling fraudsters?
(Score: 1) by Whoever on Monday October 06 2014, @01:41PM
You are absolutely correct, in general terms. But, if I use the Virtual account numbers, will it have a significant effect on the cost of fraud? No.
So, if everyone used this system, then so would I. This is a selfish but practical approach. Besides which, as I explained elsewhere, it is my belief that physical (not online) use of my card has resulted in the fraud.
(Score: 2) by jelizondo on Sunday October 05 2014, @06:42PM
For several years Banorte [banorte.com] has offered a "virtual" debit card you can use to pay for purchases online in Mexico. There is no physical card, just a number and expiration date. You can add funds to it from your regular checking account or if you change your mind, withdraw funds from the virtual card into the checking account.
It works great except that it is accepted only in Mexico, for whatever reason.
(Score: 2) by tangomargarine on Monday October 06 2014, @03:11PM
Do they also offer that "feature" where they let you overdraft your debit for a $35 fee?
I really enjoyed when my bank did that for me. It's a freakin' debit card. It's not SUPPOSED to let you spend money you don't have! That's what you use credit cards for!</rant>
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 0) by Anonymous Coward on Sunday October 05 2014, @09:32PM
(Score: 0) by Anonymous Coward on Sunday October 05 2014, @10:00PM
American Express had this 15 years ago then dropped it with no explanation.
Fuck them. I cancelled my card.
(Score: 2) by Leebert on Monday October 06 2014, @03:49AM
Discover, too. They dropped it like 2 years ago, brought it back almost immediately because people complained, and then dropped it again a year or so ago.
Not quite sure what's up with that.