Image: Couple Making Online Purchase © Fuse, Getty Images

If ever there was a solution in search of a problem, it's the virtual, or disposable, credit card number.

Credit card companies starting rolling out these programs more than a decade ago to get people comfortable with using their plastic for online shopping. Instead of giving online merchants your actual account number, you could give them a substitute number generated by the card company.

Sometimes these virtual numbers expired after a single use. Other times, you could use the same number repeatedly.

The response to these programs was, in a word, underwhelming. American Express axed its version a few years ago. Discover announced it was pulling the plug on its virtual card number program in September, but it reconsidered after a vocal minority protested, said Ben Woolsey, the director of marketing and consumer research for CreditCards.com. Bank of America and Citibank still have programs but don't appear to put much marketing muscle behind them.


Some of the programs initially suffered from what data-security expert Avivah Litan of Gartner Research calls a "klugey interface" that made generating the virtual numbers harder than it needed to be. Even after those problems were solved, users still had to go through an extra step or two to get the numbers -- and few saw any reason to endure even that minor hassle.

"It was a half-baked solution to begin with," Litan said. "It wasn't well thought out."

Liz Weston

Liz Weston


Here are just some of the reasons virtual numbers didn't catch on:

  • Zero liability. Federal law limits consumers' liability for fraudulent use of their cards to just $50, and the major credit card issuers waive even that nominal cost. The credit card company either eats the cost of a fraudulent transaction or charges it back to the merchant that accepted the card. "I've used (virtual numbers) a couple of times, but honestly they're too cumbersome," one of my readers wrote on my Facebook page. "It takes too long to create them, and since I'm not liable for any purchases anyway, there's little reason to use one."
  • Anti-fraud software. Credit card companies use sophisticated programs to analyze every transaction and flag any that seem suspicious. The programs have gotten better over time, which is why credit card fraud is "less than 1%" of the total volume of transactions, Woolsey said. "The credit card industry is very good at detecting fraud and stopping it in real time," said Woolsey, who has been the victim of such attempted fraud on several occasions. "I've never had to catch it. They (the credit card companies) got it first." In cases where fraudulent purchases actually go through, users may have to fill out some paperwork and wait for a replacement card to arrive, but for most the inconvenience is fairly minimal.
  • Limited protection. Purchase transactions made online are typically encrypted, so your biggest risk when using your plastic is that your number will be stored in a database that can later be hacked. If you use virtual numbers online, you may think you're out of the woods. Here's the problem: You can't use virtual numbers offline. If you use your real card number anywhere, it can be compromised. Bad guys can tamper with the card readers, as they did at Michael's stores. Or a waiter can run the card through a skimmer, capture all your card information and sell it to a criminal who can create and use the new card. (Read "Is your waiter a thief?") Or evildoers can hack into the databases of credit card processors.


Still, virtual credit card numbers have their fans. Some of my readers said they like the extra layer of security.

"I use this when I buy from retailers I've never worked with before, and it has saved me a few times when a product I've ordered has never been received and the retailer has stopped communicating with me about the purchase," one wrote. "The thought of someone having my real credit card is very worrisome. Knowing that the number has a limit and an expiration date is great."

Curtis Arnold, the founder of card-comparison site CardRatings.com, said he's been a fan of the programs for years, but concedes that he's comfortable enough shopping online that he doesn't use them.

"If you're more cautious about shopping online and about security, it can give you a level of comfort," he said.

I'm not going to try to talk you out of using virtual numbers if you like the programs. I will suggest some more effective means for safe online shopping, such as:

Stick to familiar sites. Go directly to the sites where you want to shop, rather than following search links, which can be manipulated to send you to unsafe sites.
Check for indicators that a transaction is encrypted. Before you enter your credit card number, check whether the Web address on the page begins with an "https," a sign of security, rather than just "http." Browser windows have some kind of indicator, so look for the picture of the unbroken key or closed lock. A broken key or any open lock indicates the site isn't secure.
Set up alerts. First, make sure your credit card issuers have your current email address and phone numbers so they can reach you quickly in case of a suspicious transaction. Then set up text or email alerts if a purchase is made over a certain amount. This can help you detect a fraudulent transaction that slips through the issuer's security net.
Install, update and run anti-malware programs. Ever-evolving spyware and virus programs can steal your financial information from your computer. Update and run your protective programs frequently.
Don't use public hot spots to shop. It's pretty easy for bad guys to fool you into thinking you're on a legitimate Wi-Fi site when you're not. Plus, anybody near you can peer over your shoulder and see everything you're entering.

Click here to become a fan of MSN Money on Facebook


Scan your statements. To avoid liability for fraud, you have to report it promptly -- specifically, within 60 days of the time your statement is sent out. It's a good idea to review your transactions online once a week or so to stop fraud as quickly as possible, but at the very least you should take a close look at your statement every month.

Liz Weston is the Web's most-read personal-finance writer. She is the author of several books, most recently "The 10 Commandments of Money: Survive and Thrive in the New Economy" (find it on Bing). Weston's award-winning columns appear every Monday and Thursday, exclusively on MSN Money. Join the conversation and send in your financial questions on Liz Weston's Facebook fan page.