Beautiful Trade/Single Use and Multiple-Use Virtual Cards
Single-Use and Multiple-Use Virtual Cards
A recent trend in cardholder security comes via virtual cards. Companies such as PayPal, MBNA, and Citi are among some of the larger competitors in this space.
A virtual card is used in card-not-present transactions just like a regular credit card, and it is processed by the merchant in exactly the same manner. In fact, the merchant is not even aware that this card is virtual, and thus treats it with the same care as the other card account numbers going through the merchant systems.
How virtual cards work
Each supplier differs slightly in its implementation of virtual cards, but there are essentially two variants: single-use and multiple-use virtual cards. Both types are usually generated “on the fly” via a cardholder request. An existing card account holder requests a virtual card from her virtual card provider for use on a particular e-commerce site. The provider supplies the account holder with a virtual card number, including an expiration date and CV2 security code. A single-use card can be used for a single transaction involving a limited payment. These cards typically expire in a matter of weeks or less and can be used only with the merchant designated during the cardholder’s request. Thus, lost or stolen information rapidly becomes invalid and worthless to the attacker. Multiple-use virtual cards are also available through many virtual card providers. These allow for use cases where recurring charges apply, such as paying a monthly bill. Multiple-use cards still carry with them many of the security features of their single-use equivalents, such as being valid with a single merchant and containing limited monthly charge caps. If a multiple-use virtual card is lost or stolen, an attacker could use the card only at that merchant and only for the authorized amount of the recurring charge. This mitigates a great deal of fraud.