Increased cardholder awareness of data-security breaches is prompting more consumers to embrace single-use credit card numbers for online shopping, proponents say. However, while the proponents are quick to note the increased interest, they are equally elusive in backing their claims with hard data.
Single-use numbers are designed to protect a cardholder's personal information. Online shoppers at checkout key in the numbers, produced by software on their computers, to access their actual card accounts. The numbers cannot be used again, at least not at other merchants' Web sites, even if crooks access the data.
"We absolutely are seeing growth in demand for single-use numbers," says Diane Shaib, executive vice president of Orbiscom, a Dublin, Ireland-based company that leases software that creates single-use numbers. Clients include Discover Financial Services, issuer of the Discover card; Citibank's Citi Cards; Bank of America; and JPMorgan Chase, which is issuing virtual card numbers as part of a PayPal debit card pilot.
Orbiscom sees "millions upon millions" of single-use number transactions annually, says Shaib. She would not provide actual data, citing client confidentiality.
Discover and Citi were more forthcoming, but not much.
Steve Furman, Discover director of e-commerce, says the Riverwoods, Ill.-based issuer and network operator's Secure Online Account Numbers program has grown dramatically. During the first quarter, the number of cardholders who signed up for the program increased 170% from the previous quarter, Furman says.
Citi Cards executives would only say business is good. Citi Cards offers cardholders the single-use card numbers through its Virtual Account Numbers program.
"We're seeing a steady growth in the monthly and yearly use of VANs," says Rob Rosenblatt, Citi Cards executive vice president of e-business.
Since neither Furman nor Rosenblatt would give hard figures, it is not clear whether use of the numbers, or cardholders signing up to use them, is growing from a small or large base.
But online shopping is up. "The level of commerce on the Web continues to grow, and the use of our cards on the Web is right in step," Rosenblatt says.
During this year's first quarter, e-commerce retail sales reached $25.2 billion, or 2.6% of the $976.1 billion in total retail sales for the three-month period, according to the U.S. Department of Commerce. Retail online sales increased 7% from 2005's fourth quarter of $23.6 billion, the Commerce Department says.
While cardholders like the convenience of Internet shopping, they also are aware through media reports and sometimes their own personal experiences that their information is vulnerable to theft by Internet thieves or relatives. Indeed, growing awareness of ID fraud is giving cardholders more impetus to find new ways to protect themselves, says James Van Dyke, president and founder of consultancy Javelin Strategy & Research.
For issuers and vendors that support single-use card numbers, the consumer learning curve has been a long one. Issuers began offering Orbiscom's software in 2001. It received a lot of press but not a lot of consumer interest.
American Express Co., for example, introduced its program, Private Payments, in 2000 but dropped it two years later because not enough cardholders signed up, a spokesperson says. Private Payments also generated a one-time number for each transaction.
Internet-security firm Cyota introduced SecureClick in 2000, a single-use number product similar to Orbiscom's. But Cyota stopped promoting it in 2004 because of slow growth.
"Don't get me wrong. There was growth, but [SecureClick's] overall impact was very low. Its growth was in the single digits," says Amir Orad, vice president of the consumer solutions division at RSA Security, which recently purchased Cyota. "There are better ways to solve the problem with products that have a much wider impact."
AHEAD OF THEIR TIME?
Such fraud-fighting programs as Verified by Visa and MasterCard SecureCode have gained much more consumer acceptance, Orad says, claiming Cyota is the largest seller of those services in the U.S. and Europe.
Single-use numbers have had a difficult time building market momentum because they were a product ahead of their time, contends Citi Cards' Rosenblatt.
Shaib agrees. "It had a very slow build. Online shopping was in its infancy. Only early adopters shopped online, and no one discussed security because they did not want to scare people away [from the Internet]," Shaib says. "Now, online shopping has become a serious business. Every brick-and-mortar store has a Web site, and crime follows big business."
Issuers also did not make it easy for cardholders to use or understand single-use numbers, which initially confused cardholders because they did not understand the concept, says Van Dyke.
Orad contends some of the confusing messages relayed by issuers partly were the fault of cardholders. "They told us in surveys they were concerned about safety," he says. "But they didn't want to take the few minutes to download the software needed to activate single-use numbers or go to the Web site to obtain them."
Issuers also confused cardholders by giving them too many choices, Van Dyke says.
Discover realized this problem and eliminated the multitude of choices just as Alexander The Great solved the riddle of the Gordian knot. Alexander cut the knot with his sword, and Discover cut the number of choices cardholders had to make to use the service, Furman says.
Discover also re-launched its product 18 months ago and changed the name from Deskshop. The name change was important. Deskshop connotes a person shopping at his desk, but Secure Online Account Numbers connotes the feeling that the online shopping experience will be convenient as well as safe, Orbiscom's Shaib says.
With Orbiscom's system, cardholders download onto their personal computer an applet that launches single-use numbers from their issuer's Web site. The applet interfaces with Orbiscom's software, which is hosted on the issuer's computer.
When shoppers reach the online merchant's shopping cart and begin to check out, the applet recognizes that a transaction is about to occur and an image appears on the cardholder's computer screen asking if they want to use a single-use number. A positive response results in the applet filling out all of the required information, including the cardholder's name, the substitute card number and expiration date. In addition, it fills out the credit card validation value, which is the three- or four-digit number on the card's back or front.
The merchant then uses this information to complete the transaction, and the funds are applied to the customer's actual card account.
Furman says cardholders who sign up opt to use the service for all Internet purchases. The numbers are especially useful when the cardholder wants to buy from an unfamiliar seller's Web site, he says.
Though both issuers use Orbiscom's software, Discover's and Citi Cards' programs differ in one respect. Citi discards its Virtual Account Numbers after each purchase. Discover's cardholders can use the same virtual card number when shopping at the same merchant site, Furman says.
Both Citi and Discover are promoting their single-use card programs with greater vigor.
Citi markets the program by touting zero-liability protection if an unauthorized purchase is made with their cards, and the issuer continually monitors cardholders' cards for any fraud. The issuer also promotes its identity-theft fighting capabilities with clever television commercials. One features a weightlifter wearing a tank top T-shirt. When he opens his mouth, his voice is that of a California Valley Girl who talks about the new clothes and shoes she bought with the weightlifter's card.
Citi also promotes its program on its Web site, though the promotion can be difficult to find. Discover recently e-mailed cardholders information about its program, and it is promoting the service prominently on its Web site home page, Discovercard.com. Discover has advertised the service on television, though it is not doing so now.
There may be double-digit growth in the use of single-use numbers among the issuers supporting such programs. But until more issuers promote the service, other online-security programs touted by the card associations stand to achieve greater consumer adoption.
(c) 2006 Cards&Payments and SourceMedia, Inc. All Rights Reserved.
http://www.cardforum.com http://www.sourcemedia.com
