At a time when online credit card fraud seems like a foregone conclusion, here's one potential solution: Instead of trying to prevent card numbers from being pilfered on the web, simply use numbers you don't mind being stolen.
That's the pitch from a startups that specialize in offering virtual cards -- credit or debit card numbers that link to real payment accounts but that can be used only at a single merchant or that expire as soon as they're used, limiting the potential damage if a hacker gets hold of them.
"It's a way of muddying the waters," said Boling Jiang, chief executive of New York payments startup Pay With Privacy. "Fraudsters get these numbers, but they're useless."
Jiang's company and rival New York firm Token Payments offer free online services that allow you to pay with your existing checking, debit or credit card accounts. Oakland startup Final offers a credit card of its own. The three have similar features, designed to make users feel more secure giving out payment information to online merchants.
They allow users to generate an unlimited number of virtual cards, which act like ordinary credit or debit cards and come with expiration dates and three-digit security codes. But unlike ordinary cards, they can be set to expire after a single use or after a certain amount has been charged to them, or they can be locked to a particular merchant.
If a fraudster steals the number you gave to one merchant and tries to use it at another, the transaction will be blocked.
The companies aren't worried about running out of card numbers. There are 10 quadrillion possible 16-digit numbers, and virtual card companies have the option to recycle numbers that no longer are in use.
By creating payment information that would be of limited benefit to thieves, the companies are mimicking other security measures and payment technologies, including chip cards.
When you swipe a credit or debit card at a store, the magnetic reader is giving the merchant the 16-digit number printed on the front of the card. That's an attractive target for fraudsters who can try to use those numbers elsewhere if they hack into the retailer's network. That was the concern when there was a data breach affecting some 40 million Target customers in 2013.
When you insert a chip card into the checkout-counter readers, the merchant is getting what's known as a token, or a single-use number that is useless if stolen.