Placing its imprimatur on a technology that many banks have spurned, Microsoft Corp. has entered into cross-licensing agreements with two software companies that provide one-time-use credit card numbers for Internet shoppers, and it will likely include this feature in an upcoming version of Internet Explorer.

Microsoft said it was “still working through” how it plans to incorporate products from Orbiscom Inc. and Cyota, two New York companies with similar products that mask a consumer’s card account number by assigning a different number, which is linked to the account and expires after one use on the Internet. The company would not set a date for any product introduction.

The two smaller companies said their deals with the software giant could lead to single-use credit card numbers being made available as a one-click option from the main screen of the browser Internet Explorer.

Ian Flitcroft, co-founder and director of technology for Orbiscom, said of Microsoft, “the one feature they haven’t got is a way to pay.”

“This allows them to put payment on the desktop without competing with the banks.”

Microsoft struck nearly identical deals with both companies. Both got the right to utilize a payment patent it holds, which covers the use of proxy credit card numbers that expire within two hours. In return, Orbiscom and Cyota gave Microsoft the use of patented technologies they have developed.

Brian Arbogast, vice president of Microsoft’s personal services group, said his company might work with banks to use these companies’ products to heighten the security of online transactions. “Bankers should not be worried,” he said.

The partnerships with Orbiscom and Cyota are meant to help Microsoft “figure out what are the requirements for issuers and merchants to help provide end-to-end security, and an end-to-end model for online transactions,” Mr. Arbogast said.

He said one of Microsoft’s strengths was its ability to develop products that met these requirements. “We will help [banks] deepen relationships with partners and provide a more secure model for online transactions,” he said. “We have got great skills at building platforms.”

Orbiscom holds a number of patents on what it calls Controlled Payment Numbers, for consumers who want to purchase on the Internet without revealing their account number. Cyota has a number of patents pending for similar technology, which it calls SecureClick. Microsoft’s deal with Orbiscom is for 15 years; the one with Cyota is for 20 years. The companies would not disclose the financial terms.

Though executives from both Orbiscom and Cyota insisted that Microsoft does not intend to use the technology to topple credit card issuers from the Internet payments throne, not everyone is convinced that Microsoft’s intentions are noncompetitive.

One analyst said these agreements recalled the days after Bill Gates called banks “dinosaurs,” and banks worried that Microsoft would take away their business. “Banks should be worried, and realize that this is the 1995 strategy with a little more wisdom and reality embedded in it,” said James Van Dyke, a senior analyst with Jupiter Media Metrix Inc., a New York research firm. “That doesn’t mean there is not a place for banks to play.”

Gary Heatherington, chief executive officer of Cyota, said that Microsoft’s plans are not yet set, but that it will put out some sort of new payment product in time for the 2001 holiday shopping season. “We are not yet sure what that is going to be,” he said.

But even if Cyota’s deal means that customers can get software for one-time-use account numbers from Microsoft rather than the card issuer, it will not be a threat to bankers, Mr. Heatherington said. Credit card issuers “own the customer,” he said. “They have the relationship.”

Mr. Heatherington said he couldn’t speak to Microsoft’s profit model, but said that “in my revenue model, the customer does not pay, but the bank earns incremental revenue from the service we provide. In the case of a credit card, that would amount to additional interest income and interchange income.”

Microsoft could potentially get a cut of the revenue if the product took hold.

“We don’t disintermediate banks, but you can’t have functionality without practicality,” Mr. Heatherington said. “You need mechanical means to make it work,” and “Microsoft was pleased to know we had a number of large customers we are working with. Clearly Microsoft is a large organization; they don’t need Cyota to do deals for them.”

Several companies have pushed software that creates one-time-use credit card numbers as an antidote to consumers’ fears about revealing their card numbers online. Only a few banks have decided to offer the feature to cardholders. American Express Co. introduced its own version of single-use card numbers, Private Payments, last September.

Among vendors, Orbiscom has been the most successful in signing up banks, beginning with Allied Irish Bank of Dublin, Orbiscom’s former headquarters. In the United States, it has licensed its software to MBNA America Bank NA, a subsidiary of MBNA Corp.; and Discover Financial Services Inc., a subsidiary of Morgan Stanley Dean Witter & Co. Cyota, which was originally an Israeli company and still maintains its research and development subsidiary there, says its system is used by Isracard, an Israeli card issuer.


Though Microsoft Corp.’s Windows for Smart Cards operating system has just seen its first rollout in a payment program, its manager says that smart cards are unlikely to get much use in payment systems in the next few years.For the time being, he says, Redmond, Wash.-based Microsoft thinks most smart card implementations will tend to be for network access or other security functions. However, the software giant will license its operating system source code just in case financial institutions or others wish to develop new payment applications for the cards, on their own. But banks should not expect Microsoft to work on smart card payment systems for them, even if they run a Microsoft-powered smart card program.

J.P. Morgan Chase & Co. is using Microsoft’s Windows for Smart Cards operating system in the Navy Cash program it introduced for sailors aboard a frigate. Each of the 170-member crew carries a chip card for purchases from vending machines and other on-ship expenses.

“Navy Cash is a unique thing,” said Michael Dusche, group program manager for Windows for Smart Cards, since the money circulates for a substantial time only on the ship.Beyond such closed-campus payment applications, Mr. Dusche said, smart cards will probably get far more use for secure access to computer networks or as repositories for medical information.

For these purposes the operating system “adequate for our needs for three to five years,” Mr. Dusche said. Microsoft will provide Morgan Chase a license to modify the source code just in case it wants to make changes in the system.

“At Microsoft, we look at things people say they would buy more of, or things where they complain about how they do it now,” he said. He said Microsoft Windows, the popular personal computer system, was the subject of many complaints. “We have years of work to do on that product, but how many people walk around saying, ‘Gee, I have no way to pay for this stuff.’ “

Mr. Dusche predicted that in the U.S. mass market, banks will use smart cards for other purposes than payment.

“Loyalty programs might be the third example” of good smart card uses, after access and medical records storage, said Mr. Dusche. “Weaker brands could be elevated if there were some great card out there.”

Subscribe Now

Access to authoritative analysis and perspective and our data-driven report series.

14-Day Free Trial

No credit card required. Complete access to articles, breaking news and industry data.