{"id":1000011,"date":"2006-05-17T15:58:45","date_gmt":"2006-05-17T20:58:45","guid":{"rendered":"http:\/\/www.elharo.com\/blog\/privacy\/2006\/05\/17\/virtual-account-numbers\/"},"modified":"2008-05-28T15:14:28","modified_gmt":"2008-05-28T20:14:28","slug":"virtual-account-numbers","status":"publish","type":"post","link":"https:\/\/www.elharo.com\/blog\/finance\/2006\/05\/17\/virtual-account-numbers\/","title":{"rendered":"Virtual Account Numbers"},"content":{"rendered":"

Citibank has launched a service<\/a> that I’ve wanted for a long time. You can now create a unique credit card number for each and every transaction that can only be used once. Perfect for those sites that want to charge you $9.95 for the first month and then rebill you every month until the second coming.
\n<\/p>\n

To use it you’ll need a Citibank credit card (not hard to get. They’d probably give one to my cat if I asked). <\/p>\n

There’s a desktop client for Windows, but Mac and Linux users will have to use the web interface. You’ll need to allow popups for this to work. First login at https:\/\/www.accountonline.com\/. Then you should see “Virtual Account Numbers” toward the top right of the page. Click it.<\/p>\n

\"Virtual<\/p>\n

You’ll then be asked to agree to some terms and conditions. There doesn’t appear to be anything too onerous in there, just the usual verbiage designed to make more work for lawyers. If you signed up for the credit card in the first place, you’ve already agreed to worse than this. <\/p>\n

Once you’ve agreed to the terms, a little Flash app loads in a pop up window. You’ll have to enter your username and password again. Then you can generate virtual account numbers, view the existing numbers, or look over the transaction history:<\/p>\n

\"Generate<\/p>\n

When you generate the account number, the window will show all the details you need to make a single online credit card purchase: name, account number, expiration date, and CVC code.<\/p>\n

\"Virtual<\/p>\n

I’m reconfiguring my office, and moving equipment around, so I experimented by using this virtual account number to order some Liberator<\/a> power strip extenders from Cyberguys<\/a>, a company I’ve never shopped with before. The transaction appeared to go through without a hitch. The order status currently shows “Awaiting CC Auth” though. We’ll see if it arrives. <\/p>\n

It occurred to me that I really ought to try buying two things to see if this really works like it’s supposed to, so next I went to ThinkGeek and bought a PowerSquid<\/a> using the same virtual account number. Wait a minute. That wasn’t supposed to happen!<\/em> The number was supposed to be good for one time use only! <\/p>\n

My guess is that ThinkGeek isn’t actually waiting to authorize the payment before showing me the confirmation screen. Either that, or Cyberguys didn’t authorize their payment fast enough and ThinkGeek got their first. (Luckily I need a PowerSquid too.)<\/p>\n

OK. Cyberguys just e-mailed me to tell me “We have been unable to obtain an authorization for the credit card number used for this purchase.” ThinkGeek still shows their order as Processing. I’m guessing ThinkGeek’s credit card authorization runs a little faster than Cyberguys, so they logged the sale even though I ordered from Cyberguys first. <\/p>\n

Of course, I probably shouldn’t have used the number for two stores in the first place. However this does point up a security hole. An attacker who grabs the credit card number might still be able to use it before it’s used for its intended purpose. The virtual account number reduces the window of vulnerability, but doesn’t close it completely. <\/p>\n

The whole process is too complicated to use routinely. Possibly the standalone Windows program is simpler. For sites I shop at regularly like Amazon and Fresh-Direct, I’ll just continue to use my real credit card number. However, for sites I may only shop at once, and where I’m not sure if I fully trust them, as well as for sites that want to bill me monthly even if I only need to use it once, this makes a lot of sense. I hope other credit card companies will follow suit. <\/p>\n","protected":false},"excerpt":{"rendered":"

Citibank has launched a service that I’ve wanted for a long time. You can now create a unique credit card number for each and every transaction that can only be used once. Perfect for those sites that want to charge you $9.95 for the first month and then rebill you every month until the second […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[410],"class_list":["post-1000011","post","type-post","status-publish","format-standard","hentry","category-finance","tag-flash"],"_links":{"self":[{"href":"https:\/\/www.elharo.com\/blog\/wp-json\/wp\/v2\/posts\/1000011","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.elharo.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.elharo.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.elharo.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.elharo.com\/blog\/wp-json\/wp\/v2\/comments?post=1000011"}],"version-history":[{"count":0,"href":"https:\/\/www.elharo.com\/blog\/wp-json\/wp\/v2\/posts\/1000011\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.elharo.com\/blog\/wp-json\/wp\/v2\/media?parent=1000011"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.elharo.com\/blog\/wp-json\/wp\/v2\/categories?post=1000011"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.elharo.com\/blog\/wp-json\/wp\/v2\/tags?post=1000011"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}