Question
Citibank has added a feature called Virtual Account Numbers that matches a similar feature offered for awhile by Amex: you can now generate additional account numbers for use online. This way, each time you use your credit card online, you can generate a different account number, can optionally set charge limits for each virtual number, and cancel virtual numbers individually once the authorized charges are posted. Presumably, you could also use these for recurring charges, such as health club memberships, where you want to be able to easily stop a merchant from making additional charges without changing your real credit card number.
This is all accessed from the accountonline.com site. They have a web tool and a downloadable tool to manage everything. I set up a virtual account using the web tool and was able to immediately use it for a charge. However, the charge didn't appear on the online list of charges immediately, so perhaps the batch has to be closed by the merchant and the charge completed before this happens.
So far, it looks like a great feature.
Answer
This would be a great way to sign up for those "free for 30 days" offers who conventiently "forget" to process your cancellation. You just make the card number invalid as soon as you sign up, and they can't charge you!
Answer
To follow up on my original post, I've now been using the Citibank virtual account numbers for about 6 months. So far, I've had zero problems. I've also used the American Express version, called Private Payments, and offer this comparison:
- Citibank has a much better system, in my opinion. It's almost always available, offers you the choice of "use once" numbers or numbers that are valid for multiple charges for up to a year, up to the total limit you specify. Also, Citibank provides the 3-digit security code that's normally on the signature strip for each virtual account number for those merchants that require it.
- American Express's system is rudimentary in comparison. It offers only the "use once" option, so it can't be used for situations where you want to sign up for a membership that has recurring charges. Also, they don't give you the 4-digit security code that's normally on the face of an Amex card, so you can't use the virtual account numbers at merchants that require such a number. Also, in my experience, Amex's web site for issuing the Private Payments number didn't work in three out of the four times I tried to use it.
Answer
Steve M, I very much appreciate your posting information on the MC virtual numbers (VNs).
The concept is excellent, although some (a third?) of my VNs have been rejected for payment. I don't know why this happens, but it just does. Fortunately, I don't use very many of them and I have arranged alternate payment methods (say, the real credit card number) when it does.
Has anyone else had their VN's rejected for no known reason?
My pessimistic side says that once a lot of folks start using these, Citibank will start charging for them.
------------------
Middle_Seat
Answer
Originally posted by CG:
This would be a great way to sign up for those "free for 30 days" offers who conventiently "forget" to process your cancellation. You just make the card number invalid as soon as you sign up, and they can't charge you!
Not sure if this is a good idea.. i even cancel one of my account before because inspite of my repeated phone calls to discontinue the service before the 30days, they kept charging!
Answer
Originally posted by Steve M:
American Express's system is rudimentary in comparison. [...] Also, they don't give you the 4-digit security code that's normally on the face of an Amex card, so you can't use the virtual account numbers at merchants that require such a number.
Yes, you can. I was able to use an Amex Private Payment number in combination with the real card's security code.
I've used the Private Payment service lots of times & never had a problem.
Saar
Answer
Originally posted by Saar:
Steve M said:
... they don't give you the 4-digit security code that's normally on the face of an Amex card, so you can't use the virtual account numbers at merchants that require such a number.
Yes, you can. I was able to use an Amex Private Payment number in combination with the real card's security code.
I've used the Private Payment service lots of times & never had a problem.
I stand corrected on the issue of the security code. Perhaps this is spelled out somewhere, but I didn't notice it. With the Citibank product, they issue an individual security code for each virtual account number.
[Edited to clean up formatting]
[This message has been edited by Steve M (edited 09-22-2002).]
Answer
Originally posted by Middle_Seat:
My pessimistic side says that once a lot of folks start using these, Citibank will start charging for them.
My sense is that very few people use this feature. They were promoted with great fanfare when they first came out, but seem to have almost disappeared into obscurity. Take a look at how much Amex promoted Blue with its embedded Smart Chip when it first came out. Now, you hardly hear anything about it.
By the way, I forgot to mention earlier about Amex Blue's Smart Chip and Private Payments. If you have a Blue card, then you can configure your account such that a Private Payment number can be issued only if the card is inserted into the Smart Chip reader that attaches to your computer (at the time, they gave you a free reader). After that, the transaction proceeded just like any other Private Payment transaction. By default, the regular Blue card account number would not work with online merchants. For other card types, Private Payment numbers can be issued over the web without a card reader, of course because non-Blue cards don't have Smart Chips.
This brings me to a peeve of mine about credit cards and security. Amex is the only US issuer to have Smart Chips in any wide distribution, and it's only for one of their two dozen or so card brands. I understand that there have been several competing standards proposed, with the one Visa is promoting being of course incompatible with the Amex standard.
It seems to me that in addition to providing more security, the card issuers and associations are also trying to turn it into a marketing benefit, such that they can add other features that we don't need at the same time, and if possible, lock out the competition.
If all they wanted to acomplish is a simple Smart Card embedded chip that would verify that the card is genuine, and where all issuers would agree to the same standard, then we would have had it in place now. For it to work, it would have to be such that merchants would have to upgrade their equipment only once for smart card readers that worked with all cards. But, they still seem to be feuding over incompatible standards, and we are left with the status quo.
Answer
Originally posted by Middle_Seat:
The concept is excellent, although some (a third?) of my VNs have been rejected for payment. I don't know why this happens, but it just does. Fortunately, I don't use very many of them and I have arranged alternate payment methods (say, the real credit card number) when it does.
Has anyone else had their VN's rejected for no known reason?
Have you been requesting the "use once" virtual numbers, or the multiple-use-up-to-a-limit numbers? Some merchants have a problem with the "use once" numbers if they do an authorization-only transaction, then later try to do a transaction that actually makes the charge without referencing the original transaction. In this case, Citibank sees two transcations, and rejects the second one.
In my use, I've always set up multi-transaction virtual numbers with a reasonable limit, so I would not have had problems with the merchants that are sloppy with their authorizations.
Also, my main motivation for using the virtual account numbers is that my main card number was compromised. I had online transactions from the UK start appearing on my account, so I had to get a new plastic card and change all of my auto-debit accounts. In my opinion, the most likely source of the compromise was one of several "second tier" online merchants that I've made purchases from. What I meant to say is that I have a high degree of confidence that the likes of Amazon.com will implement proper security practices. But, for smaller merchants that bought an off-the-shelf "shopping cart" package and configured their own web server, I'm not so sure. It takes only one of those that left open an anonymous FTP server with the transaction file in a public directory for my card to be compromised. If my card should be compromised in the future, I'm kind of hoping to find out which merchant was responsible by seeing which virtual account number was used.
Answer
Steve M,
I guess this is getting a little off topic, but I wnated to try and address what you were saying about smart cards. Yes, you are right in saying intercompatibility between platforms (or even just one platform) is essential for real growth and wide acceptance of smart cards. However, you have to remember that smart cards as payment instruments are very much in their infancy. Once one system really takes off this will become the standard to which all the others have to adhere. With the worldwide popularity of Visa/MC compared to AMEX, it seems likely the EMV system will be that one, despite the fact it's not really being used in the US as yet.
The other point you make about smart cards is that they are used only as a highly secure means of card verification. While this certainly is a very attractive feature of smart cards, it is their great flexibilty and ability to perform many applications that should make the atttractive to card users and issuers alike. You will be able to store personal information, coupons, reward points, passwords, addresses, enter your house and work building, etc etc....one day. But as you point out this will only be truly useful once a standard operating platform is developed.
By the way, I like the idea of virtual card numbers, that could catch on here as people have a great fear of card fraud, especially over the internet.
Sam.