Can the Web be made safe for credit cards? Online merchants say it’s safe enough, but plenty of shoppers disagree.
Various studies show that as many as 80 percent of people who make financial use of the Web don’t trust it with their credit card numbers. They might check the Net for prices and products. But for actual purchasing, they visit the store or pick up the phone.
Credit card issuers, hoping to calm these fears, are always on the lookout for new technologies that might make you feel safe.
The latest is a system for creating disposable credit card numbers. You use each number once and poof! it disappears. So there’s nothing in the merchant’s data bank for hackers to steal.
Shoppers have two financial security concerns today.
First, they worry that their credit card numbers will be stolen and used. As a practical matter, that’s a minor issue. By law, they’re liable only for the first $50 spent by a fraudster and most card-issuers waive even that.
The second and far greater problem is identity theft. If crooks get your name, credit card number, Social Security number and other identifiers, they can create a virtual you. They’ll open accounts in your name, charge up a storm and ignore the bills. You’ll be dunned and sued, and it can take a year or more to straighten out the mess.
Technological innovation
ID thieves can steal credit card numbers from many places stores, restaurants, mail-order businesses but the Web lets them steal wholesale, by breaking into the databases held by the merchants themselves.
Hence the appeal of credit card numbers good for only a single use. They’re currently available in three slightly different formats from American Express, Discover and the credit card bank, MBNA America.
Amex developed its own system, called Private Payments. Discover and MBNA use technology from an Irish company called Orbiscom.
Here’s how the disposables work:
You download the disposable-card technology onto your computer. A little icon at the bottom of your screen tells you it’s there.
The next time you’re Web shopping and see something you want, you carry the item to the site’s checkout page. But instead of entering your own, permanent credit card number, you click on the icon for your disposable card.
The card pops onto your screen and you enter your name and password. You then get a one-time number for the single purchase you intend. Once used, it isn’t good any more. Your real number is hidden away at the bank, where you hope hackers can’t go.
It’s like writing a check “it can’t be put through twice,” said research analyst Moriah Campbell-Holt of Gomez Advisors in Waltham, Mass., a service that rates Web companies. Hackers who steal the number steal air.
Question of convenience
Single-use numbers can be inconvenient, according to Jupiter Media Metrix Senior Analyst James Van Dyke. They can’t be used on one-click shopping sites like Amazon, where permanent card numbers must be stored.
They’re also no good for automatic monthly payments, such as phone service billed through your Internet service provider.
You can get around these problems, however, with an option offered by Discover’s DeskShop program and MBNA’s ShopSafe. They let you assign a permanent (phony) credit card number to a site where you do ongoing business. If you use several such sites, each one would have a different number.
That gives you shopping convenience without revealing the true number on your real, plastic card.
In the end, only online merchants can earn customers’ trust by making their data banks safer than they are today.
Syndicated columnist Jane Bryant Quinn can be reached in care of the Washington Post Writers Group, 1150 15th St., Washington D.C. 20071-9200.
