Disposable Nos.' Flaws Catch Up with Hype

Credit card issuers have tried all kinds of ways to erase consumer fears about shopping online - from digital wallets to zero-liability policies - and their latest enthusiasm seems to be for made-up account numbers that expire after one use.

It is no surprise that several small, private technology companies are selling systems for disposable account numbers, but it is somewhat striking that both American Express Co. and MBNA Corp. have thrown their weight behind such systems. According to software vendors, at least two more major card companies will soon announce similar offerings.

Opinion seems to be divided over whether consumers really want to enroll in these programs, and whether they actually add any further protection. Some people in the banking industry consider them the answer to online security fears - real or perceived - while others say they are just another gimmick that will be abandoned and forgotten within a year. The latter camp argues that consumers do not want to take any extra steps in order to engage in online shopping.

In September, American Express became the first to come forward with a disposable-number scheme, a product it calls Private Payments. A few weeks later MBNA America Bank followed with ShopSafe.

The products work in similar ways. Consumers download software from the card issuer's Web site, and an icon gets transferred to their desktop. When the consumer is ready to buy something at an online store, he or she clicks on the Private Payments or ShopSafe icon and enters a password. These actions generate a one-time-use credit card number to give to the retailer.

When the time comes to reconcile the transaction, the one-time numbers generated by Private Payments and ShopSafe are matched up with the shopper's true credit card account number at servers located inside issuers' data centers.

"We are trying to get people who are window shoppers," said Michelle Shepherd, vice chairwoman of MBNA. "I think this will answer customer security concerns."

There is a bit of a catch. Because the numbers are good for one purchase only, they do not work everywhere - they cannot, for example, be used to pay for subscription services that place regular charges on a card. Online stores that keep credit card information on file for one-click shopping, such as Amazon.com, cannot accept disposable credit card numbers. Transactions that require a card to be presented more than once, such as car rentals, will not work with disposable numbers, nor can the numbers be used for reservations made more than one month in advance. On its Web site, American Express gives Private Payments users a series of tips on when they should forgo use of disposable numbers.

Orbiscom Inc., the New York-based technology company that MBNA selected for ShopSafe, says its software lets people indicate if a disposable card number will be good for a limited number of reuses, such as for a subscription service.

Orbiscom first launched its wallet with Allied Irish Banks in August. In two months of use, 10% of Allied Irish's active Internet banking customers who had credit card accounts downloaded the software, according to David Roberts, e-marketing manager with the Dublin bank.

Mr. Roberts said he cannot yet point to any evidence of fraud reduction among users of the disposable credit card but said he has seen a marketing benefit.

"It requires people to use Internet banking," he said. "And if they have a credit card and Internet banking service, why wouldn't they use the rest of our banking services as well?"

Other issuers acknowledge the marketing upside of disposable card products.

"We will use these in new marketing," said MBNA's Ms. Shepherd. "It is one more opportunity to put MBNA in front of the customer."

But analysts suggest that disposable credit cards will meet the same fate as digital wallets, which card issuers were promoting last Christmas as a quick and easy way to fill out online order forms. Despite those efforts, less than 1% of Internet shoppers are still using their wallets, according to research from GartnerGroup Inc.

"At the end of the day, disposable credit cards don't reconcile the main problem," said James P. Punishill, an analyst with Forrester Research Inc., Cambridge, Mass. "Consumers are both lazy and security-conscious. That means they don't want to do any work, but they want to know that everything is protected."

Mr. Punishill said card issuers will have to find ways to cut fraud other than asking consumers to download and operate programs that may conflict with other software or not work flawlessly.

"The problem with this solution is that it makes consumers who are already hesitant jump through more hoops to buy online," said Christopher Kelly, an analyst and security expert with Forrester.

The potential marketing gains, along with a relatively low cost, make issuers willing to take another chance on the strategy of offering programs that will put their credit cards on their customers' personal computers. Orbiscom's chief executive officer, Graham O'Donnell, said it could cost a card issuer as little as $500,000 to get a disposable credit card system up and running, and could take as little as six to eight weeks.

Issuers who license the software typically pay a fee proportional to the number of customers who use the software, Mr. O'Donnell said.

Analysts say issuers might do well to spend their money on other initiatives, such as consumer education. "If they are protecting consumers, they don't need to" promote fancy account number schemes, said Joseph Marino, an analyst with Current Analysis, Sterling, Va. "They should explain to the consumer that they don't need to be worried."

Forrester's Mr. Punishill said online credit card use should more closely mirror offline use. "Think about credit cards offline," he said. "Consumers have to do very little to protect themselves against fraud. It is complete laziness on the part of the consumer, and the credit card industry has figured out how to make it work."

According to Stamford, Conn.-based GartnerGroup, 58 million people in the United States buy merchandise on the Web, but 21 million only window-shop, perhaps eschewing transactions out of security concerns. Vendors of disposable credit card software say their products will bring the window shoppers to the checkout counter.

Hacker attacks and other well-publicized cases of identity theft have left consumers wary. In January, a hacker stole 300,000 credit card account numbers from CDUniverse.com, from an unsecured server at the music retailer's site. Other thefts have received publicity, and resulted in consumers being asked to cancel credit card accounts and apply for new numbers.

In a 1999 customer survey by GartnerGroup, 87% of respondents were "very concerned" about sharing their credit card information online. When Internet users who do not buy online were asked why, equal portions said they either saw no value in buying online or they did not want to disclose financial information. A survey commissioned by Intelishield.com Inc., a Denver-based disposable card software developer, came up with similar results.

"Imagine when you are shopping, up pops a little box that says, 'Here is a secure number, use me,' " said Gary Heatherington, chief executive officer of Cyota Inc., a New York-based disposable credit card software developer. "So you get to be the first card in the wallet, the card gets used more often, you get reduced attrition, additional balances, interchange, and interest - all the things that come from card usage."

