American Express Co. introduced a product Thursday that will let its cardholders make purchases online without transmitting their actual account numbers.
Private Payments will be available to Amex consumers and small-business cardholders free of charge in about one month, the company said. It will generate an alternative number that customers will be able to send to merchants and that can be used for only one transaction, the card company said.
Since online fraud and Web site breaches have become fodder for national news stories, merchants and card companies have been racing to introduce prevention methods.
At least two other companies have launched products similar to Private Payments - though these companies do not have Amex's high profile or impressive brand name - and other Internet firms have developed different types of antifraud measures.
"Consumers have a real fear that their card information could be stolen when shopping on the Internet, and this fear is the biggest obstacle from companies doing business on the Internet," said Alfred F. Kelly Jr., group president of U.S. consumer and small-business services at American Express in New York. "There's an increasing number of consumers online browsing and shopping, but we want to turn them into buyers."
Though American Express is calling Private Payments an "industry breakthrough," it would not be the first "disposable" credit product to hit the market.
This year Orbiscom, an Irish company, released a product called the O-card, which was licensed by Allied Irish Bank in Dublin. The bank has already integrated Orbiscom's software into its credit card processing system, so the alternative numbers can be traced and linked to the cardholder's real card number for authorization.
Graham O'Donnell, chief executive officer of Orbiscom, said his company has had extensive discussions about the O-card with Amex over the past 18 months, but Amex decided to develop its own product, at least for the United States.
Orbiscom, which has been testing its product with Visa and MasterCard for over a year, said it already has licensing agreements with some major U.S. banks, but the company declined to reveal their names.
Mr. O'Donnell said he questions whether American Express will be able to get its system running smoothly within a month. "These things are a great deal more complex than people assume," he said.
Another start-up, Intelishield of Denver, has developed a similar product. The company keeps customers' credit card numbers at its own site, under lock and key, and then has banks route their online transactions through the site, which then sends the merchant a made-up number that expires after being used for one transaction.
American Express said its product is easier to use than Intelishield's. With Private Payments, a cardholder can click an icon on a home computer, enter a user name and password, select the American Express card for the transaction, and transfer the new number to the merchant's order form.
Analysts said one of the main benefits of Private Payments is that it will be seamless for merchants, which will not even know that the number is not the customer's real number.
"The merchants don't need any special software," said Thad Peterson, a partner at Edgar Dunn Consulting in Atlanta. "It takes the merchant side of the problem out of the equation in terms of online security and acceptance."
Unlike American Express' Blue card - which made waves last year when it became the first credit card with a microprocessor chip to be mass marketed in the United States - Private Payments is not dependent on a cumbersome device like a smart card reader, Mr. Peterson said. Blue card customers who want to use the chip for online authentication have to buy a reader from American Express and hook it up to their computers.
"Blue is a device-dependent strategy," Mr. Peterson said. "The penetration of card-reading devices for Internet security has not been as substantial as they had hoped."
Mr. Kelly said there have been complications with the Blue card readers, but most of the problems have been solved.
Many industry experts have long said that Blue - which also has a magnetic stripe, like other credit cards - is little more than a very clever marketing tool, and that there is little benefit to its chip as a security device.
"Blue was a brilliant idea from a marketing standpoint, and that's as far as I'll go," Mr. Peterson said.
Mr. Kelly said Blue was "designed to attract a new type of person to Amex, someone who is tech-savvy."
The new product will be available on all consumer and small-business cards, including Blue, he said. "It broadens the number of consumers we can provide security for."
Private Payments is the first of a number of security and privacy protection products that American Express plans to release in the next year. Another product, under development with Privada Inc. , a three-year-old private company in San Jose, Calif., will let customers choose how much of their personal information is shared when they surf the Internet.
The device, which will be introduced by yearend, will let customers select from settings ranging from sharing their full identity with the Web sites they visit to maintaining complete anonymity, American Express said.
Other offerings in the "new suite" of privacy and security products for electronic commerce will be announced next year, the card company said.
|Online Safety, |
the Amex Way
|How Private Payments work|
|1. Cardmember registers for the free service at an Amex web site|
|2. The customer finds something to buy online|
|3. Customer clicks on Private Payments desktop icon, or goes to Private Payments' web site|
|4. A user name and password are supplied|
|5. A unique number with expiration date is created with the transaction|
|6. Cardmember transfers this information to the merchant order form|
|Source: American Express|