[ale] OT: Cell Phone recs Was Re: Android secondary security

Lightner, Jeffrey JLightner at dsservices.com
Fri Apr 14 16:41:54 EDT 2017


I've been using this feature with BofA Visa for several years now (at least since the end of 2007).   There is a newer Visa wallet(?) thing BofA has started offering but I haven't used it (which I why I don't recall the name off the top of my head)

Discover Card had a similar random card number creation but it didn't let you set limits or expirations - it was simply an alternate number that posted to your real card.   Anyone that hacked that number would be able to use it but at least you'd be able to trace the hack back to the one merchant to whom you'd provided it originally.   However, Discover got rid of it a couple of years back.

I'd read something online last year that made it sound like one of the other banks (Chase maybe?) had a similar setup associated with their MasterCard but I've not used that one.


-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Alex Carver
Sent: Friday, April 14, 2017 4:24 PM
To: ale at ale.org
Subject: Re: [ale] OT: Cell Phone recs Was Re: Android secondary security

This has been tried many times in the past by various entities.  For example, shortly after American Express released their Blue card (circa
2001) they gave away card readers to plug into your home computer for the chip on the card.  The concept was to facilitate online shopping without transmitting your real card number by way of a token generated by the card.  The process never really caught on though it might have been a bit ahead of its time.

MasterCard at one point in the early 2000's had an online tool to generate one-time-use numbers for your card as well.  These did not have preprogrammed limits but they expired as soon as they were used.  Again this didn't appear to catch on.

Perhaps now that online shopping has exploded in the last few years we'll see a return of these features.

On 2017-04-14 07:17, Kyle Brieden wrote:
> I sincerely believe with every fiber of my being that BoA is one of 
> the worst companies to ever have existed, but that's actually kind of cool.
> It's like using keepass/lastpass for your CC numbers.  I wonder why 
> more banks don't do this?
> 
> ---
> Very respectfully,
> Kyle Brieden
> 
> On 14-04-2017 09:34, Lightner, Jeffrey wrote:
>> Further OT but this is why I like Bank of America's Shopsafe.
>>
>> Rather than giving people my real credit card number I can give them 
>> a temporary number generated in Shopsafe.
>>
>> Moreover I can set a limit and an expiration on the card of as little
>> as 2 months.   If I expect to pay $33 I might set the limit to $40 to
>> allow for taxes or other charges not immediately apparent but they 
>> can't charge more than the limit I set.
>>
>> Another benefit I like in Shopsafe is that once the temporary number 
>> it has been charged by any one merchant it can't be processed by any
>> other merchant.   This means if the site I input the number on gets
>> hacked right after I do the input and the merchant has already 
>> charged me (as is usually the case) the hacker gets nothing for his effort.
>> One can generate multiple Shopsafe numbers to use at different 
>> merchants.
>>
>> This is also great for "services" that require you to give them a
>> card for "automatic renewals".   If you don't want the automatic
>> renewal you set the Shopsafe number to expire before merchant's
>> renewal date and the "automatic" will be rejected later.   (Of
>> course you also set the limit to only allow the one charge so if they 
>> "automatic" on you before the expiration it will also fail.)

_______________________________________________
Ale mailing list
Ale at ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo



More information about the Ale mailing list