For more than ten years, Discover Card had a feature called Secure Online Account Numbers. It wasn’t heavily promoted and its presence gradually diminished to a single link at the bottom of your account page, but it was an extra security measure that I appreciated. The feature allowed you to create a custom credit card number for each online merchant you did business with. The number could only be used with that merchant, so in the event of a data breach as in the major one that hit Target, your exposure to fraud would be significantly reduced and recovery from the breach would be much easier to deal with (just deactivate that number and set up a new one for that one merchant, if you still want to do business with them).
I had used these numbers sparingly until a few years back when my main Discover Card number was compromised somehow and used in a fraudulent transaction by, according to the fraud report, Patricia Frankovich of Pittsburgh (who I like to imagine rotting in a jail cell, but unfortunately the small amount of the charge probably didn’t lead to any action). The fallout and recovery from that incident were so painful that I started using the secure online numbers for everything.
Unfortunately, as of March 15, 2014 the feature is now permanently retired, apparently due to patent or licensing issues (the FAQ about the discontinuation says, “Regrettably, the technology on which Secure Online Account Numbers are based is owned by Mastercard and no longer available to us, so we are unable to continue to offer it to cardmembers.”). I’m really looking forward to the day when two-factor authentication is standard for all online transactions.
I agree and I like the method too much to change the way I do online purchases. That means using virtual numbers from my Mastercard instead of using my Discover card. I liked that Discover allowed the virtual account number to be used for years. My Mastercard only allows the virtual number to be used for about 2 months. So generally each virtual number is used for only a single purchase. Both cards restrict the use of these numbers to one merchant. I know that the risk of fraud is low and that the card companies will reimburse charges that are made fraudulently on your account, but why not add one more layer of security? For me it’s a better way so it’s back to the Mastercard. Thanks for your blog entry. Ben
So far I haven’t seen the feature offered on my Mastercard (or Visa for that matter), but I’ll be taking another look for it. The first couple of years I used the Discover feature I thought they were one-time numbers, so I kept recreating them for every transaction, even at the same merchant. It wasn’t until I talked to the account reps during the fraud resolution that I learned they were valid until the same expiration date as the card.