As some have pointed out, Citi had this[1] since about 2004, Fleet/Bank of America [2] had it in their setup as well for as long as i can remember.
The problem is going to be PCI compliance - the rules that govern merchant procedure for accepting physical credit cards. Specifically, the last 4 digits must be visually validated on the card and typed in to avoid cloned cards (chips largely solve this) in most stores.
Furthermore, giving a new CC number to each transaction is going to deplete the pool of available CC numbers rather soon (as im sure everyone knows, CC number is not just random collection of 16 numbers 0-9).
As other people pointed out, this solves a non-problem: if i don't want to be liable for a fraudulent purchase, i just use a credit card, not a debit card. In case of CC fraud, it is the MERCHANT who is responsible, not the customer or the bank.
Monitoring software that flags "odd" purchases is all that's needed - and banks have been running such things for ages.
Yes, there is hassle if your CC gets lifted/swiped, but chances are, its not an evil hacker doing it, but that cute waitress at your local bar with a $30 ghost reader in her hand.
Unless the physical card generates a new number on EACH swipe, it is just another example of technology looking to complicate an otherwise streamlined process.
The banks' monitoring software is in fact a hassle for me. I've only ever had legitimate purchases denied. The retailer's order flow is not usually optimised for this case, requiring a tedious, often manual process to get my order reinstated, while at the same time often causing the retailer to treat me with suspicion (they can't tell why the charge was denied the first time, and are sometimes reluctant or unable to retry the same card again).
As far as I can tell, Final is not really about reducing fraud, which, as you correctly state, is mostly a non-problem for customers. Instead, its value is in increasing my personal convenience, by reducing the annoyances the credit card companies force me to deal with as a direct result of their absurdly outdated technology.
I was traveling across the country last month and bought some expensive sunglasses and my card was declined. (My cab purchases and other legit looking travel items worked just fine). I immediately on my phone got a text asking if this purchase was legit, replied with '1' for yes, and my card was accepted after trying again few seconds later.
I've headed this off before by calling the 24x7 number on the back of the card before I leave the country or go on vacation across the USA and tell them to flag my account that I will be traveling. This usually takes about 5 minutes.
I want you to consider how wrong you might be. Filtering is defensive in nature, and the quality of a banks' filtering affects the value of CC numbers stolen from it. How many false positives will you accept in order to make your CC number virtually worthless to thieves?
I have no idea of course. Maybe the bank is incompetent and getting robbed blind, but I think what I describe above is a distinct possibility.
I would look into other credit cards or banks then. Capital one and my local back (San Francisco Fire) just talk to me about "hey we've noticed these suspicious transactions, verify please?"
Bank of America also has disposable numbers for their credit cards, one reason I still keep my card with them. You just pick how long the number is active for (min 1 month) and it spits out 16 digits. I use it for all my online transactions.
> As other people pointed out, this solves a non-problem: if i don't want to be liable for a fraudulent purchase, i just use a credit card, not a debit card.
The video never claims to solve the problem of being liable for fraudulent purchases.
The video claims it solves the problem of having only a single credit card number, and having to change the credit card number on file with all your web services (PayPal, Apple/Google, various subscriptions, etc.) when you get a new card, because it expires, or when one is cancelled because someone snatched your card info.
I'll also add that other banks, I think Chase, also had this feature. But they stopped doing it because I guess not enough people were using it.
So yea, while I am happy for Final, as someone who has used disposable numbers for years, I am having one of those "I listened to their music way before they were cool" moment.
The problem is going to be PCI compliance - the rules that govern merchant procedure for accepting physical credit cards. Specifically, the last 4 digits must be visually validated on the card and typed in to avoid cloned cards (chips largely solve this) in most stores.
Furthermore, giving a new CC number to each transaction is going to deplete the pool of available CC numbers rather soon (as im sure everyone knows, CC number is not just random collection of 16 numbers 0-9).
As other people pointed out, this solves a non-problem: if i don't want to be liable for a fraudulent purchase, i just use a credit card, not a debit card. In case of CC fraud, it is the MERCHANT who is responsible, not the customer or the bank.
Monitoring software that flags "odd" purchases is all that's needed - and banks have been running such things for ages.
Yes, there is hassle if your CC gets lifted/swiped, but chances are, its not an evil hacker doing it, but that cute waitress at your local bar with a $30 ghost reader in her hand.
Unless the physical card generates a new number on EACH swipe, it is just another example of technology looking to complicate an otherwise streamlined process.
/rant over :)
[1] https://www.cardbenefits.citi.com/Products/Virtual-Account-N... [2] http://lifehacker.com/5831160/use-virtual-credit-card-number... [3] http://www.getcreditcardnumbers.com/