-
As Visa has been ramping up its promotion of one-time-use card data for security, Discover Financial Services is winding down its support of a similar technology. The key difference is that the system Visa is pushing is used at the point of sale, whereas the one Discover is discontinuing is used online.
August 31
Just as Discover Financial Services is discontinuing single-use account numbers, MasterCard Inc. is making them a central feature of a small-business offering.
One-time card numbers have long been pitched as a way for consumers to protect their accounts when they shop online. Instead of using their permanent account numbers, shoppers can give online merchants a disposable one that cannot be used to make further charges if it is stolen.
As e-commerce has matured, so has consumers' comfort level in shopping online. But small businesses have different security concerns, MasterCard says, and these concerns are driving demand for disposable account numbers today.
"The explosion of use has been more around business-to-business payments," says Michael H. Fiore, senior vice president and group head for MasterCard inControl.
MasterCard's inControl product was earlier targeted to large companies and to consumers as a financial management tool. It lets users set spending limits by merchant category, dollar amount and even which day of the week it is. MasterCard recently expanded inControl to small-business owners to help them delegate spending.
For example, when a business owner allows an employee to make a specific purchase, the owner can set restrictions on when that item is purchased and how much it can cost. Instead of requiring the employee to use the business owner's card, MasterCard allows a one-time card number to be generated for that purchase.
Since there is no physical card to go with the one-time account number, its use is considered a card-not-present transaction. MasterCard is working on ways to link the temporary card numbers to mobile phones for card-present payments made by bar code or near-field communication, Fiore says.
The one-time-use card number adds security even in situations where spending limits are not needed, he says.
"It provides a very controlled way to make payments to vendors … you get an almost complete removal of abuse or any type of security concerns," Fiore says.
Many businesses deal with companies on a one-off basis, such as a travel agent working with a hotel. In such an instance, the agent may not want his or her card number kept on file with the hotel for any longer than necessary. With inControl, the agent can instead use a one-time card number and not have to worry about its misuse, Fiore says.
The one-time card number technology was developed by Orbiscom Ltd., a Dublin software company MasterCard bought in 2009. The $100 million deal was the second acquisition MasterCard made after going public in 2006.
One-time card numbers have been offered for years, and "generally it's been not a failure, but a big disappointment" in terms of its level of adoption, says Avivah Litan, a vice president and distinguished analyst at the Stamford, Conn., market research company Gartner Inc.
When Discover decided to discontinue its one-time card number program, it said that the technology was made obsolete by other fraud protections. While businesses have fewer liability protections than consumers on checking accounts, they are generally better protected with credit, Litan says.
"Really MasterCard is trying to protect itself with this, more than everyone else … if it was that compelling, I don't think that Discover would have shut it down," she says.
However, whether or not one-time-use card numbers are the most compelling technology, "there is a lot of truth to what MasterCard says" regarding small business' fraud concerns, Litan says.
