It’s 2018, and if you’re an adult you’ve probably been caught up in at least one major credit card hack — maybe the Target card hack from 2013, or the recent hack that nettedcredit card numbers from Chipotle and other retail locations.The modern retail economy has a lot of incentives to make it easier to pay for what you want. Only a few hundred years ago, we were all walking around carrying baskets of eggs and woven cloth to barter. Precious metals like silver and gold made it a little easier to figure out the rate of exchange, but were also heavy!The banking system came along and eventually paper money and paper checks made it possible to pay for things without needing a back brace, but it was still a pretty slow system, where payment could take anywhere from a few days to a few weeks to make its way around.Enter credit cards, invented (roughly) in the 1950s. Over time, improvements in access (nearly anyone over 18 can get some kind of card now, and many minors have access to a card through their parents) and in technology have made them one of the easiest ways to pay for what you’re buying. And it’s just getting easier.At first, credit cards weren’t widely accepted, and transactions still had to be recorded on pen and paper (or typewriter) and took time to go through completely. Eventually, computers, satellite technology, and the Internet reduced all the time involved to a few seconds.Now swiping your card, or pushing it into a chip reader, is being rapidly replaced by simply tapping the card on a reader if you buy something at a retail location, or just entering it into a field on a computer screen. Up next, maybe a connection directly into your brain . . . okay, not yet, but you see what I’m saying. There’s very little friction involved in paying for anything with a credit card anymore. That’s very convenient, both for us as buyers and for merchants.But the increasing ease of paying has also made credit cards vulnerable to the kinds of hacking and fraud that have sent lots of credit card numbers sloshing around the Internet. It’s not fun to keep close tabs on your accounts and try to catch fraudulent charges, and banks spend a lot trying to prevent people’s numbers from getting out into the world.
“Virtual credit cards” try to help solve the security problems caused by credit cards, while still allowing you to buy what you want with the ease of use of a normal credit card.The main problem with credit card security is that the same identifying information is used every time to link you to your card. Your name, the credit card number, the expiration date, and the security code printed on the back of the card never change. That means that once the data is stolen, either in a major hack or old-fashioned credit card theft, it can be reused by someone who isn’t you. (This is why you’re always encouraged to cancel your cards immediately after losing them.)Virtual credit cards use computers and the Internet to solve a problem largely created by computers and the Internet.They use dynamic rather than static data to verify your identity with online retailers.
Most online retailers, ranging from Amazon and Target on down, store their customers’ payment information. It’s very convenient for everyone involved not to have to re-enter the data every time. But the problem is that hackers can and do routinely gain access to that data, leaving you at risk of identity theft and fraud.Virtual cards, unlike your normal credit card, use an app to generate a new (numerical) credit card number, or “token,” for every single transaction. That token is transmitted between the bank and the retailer to confirm that it’s ok to put the transaction through. But unlike a normal static token based on the information printed on your card, these tokens can’t be used again, making its storage and potential theft useless to would-be fraudsters.
I’m not going to lie: it’s a bit more of a pain to shop with a virtual credit card than it is to shop with a normal one. Notmore — but it requires a little thought and a separate login credential to your bank or virtual credit card service. Maybe it’s fair enough to take the extra step if it protects you from identity theft, though!One thing to be careful about: since virtual credit cards, by definition, don’t have a physical version, you can’t use them in any situation where you need a physical card present. This doesn’t come up a whole lot with online purchases, but if you use the card to reserve tickets online, you should print your tickets out rather than relying on the will-call window!
While most of us are probably going to be individual virtual credit card users, if you own or help manage a business, these cards can really help solve one of any company’s biggest problems — multiple employees needing to make purchases on the business’s behalf, from printer ink and toilet paper to plane tickets and client dinners.Just like individual credit cards, static “company cards” are open to theft. And if a company card with a single number is shared by a few people, it can also be prone to abuse if you can’t figure out which employee made which purchase.If you’re at a U.S.-based business, you’ll want to talk to your bank about its virtual credit card offerings. American Express offers one such service, called “vPayment,” which only works with corporate cards. But if you’re in Europe or the UK, regardless of what bank you use you might want to check out the service offered by Spendesk (which does hope to expand to the U.S. soon). Spendesk allows employees to request authorization, and once an expense is approved by a manager, the employee gets access to the token and makes the payment.
Random numbers, like the kinds used by virtual credit cards, are so much more secure than static numbers that it’s probably inevitable they will become more widespread. I’d expect to see virtual credit cards more and more integrated into digital and mobile wallet services like Visa Checkout, Google Pay, Apple Pay, and so on.I also expect to see them become more seamless from a user perspective — with less logging into your bank’s website and more integration into browsers and payment apps. The economic imperative to combine safety with ease of use makes this seem inevitable.