Want CNET to notify you of price drops and the latest stories?

AmEx unveils "disposable" credit card numbers

As part of a new suite of online security and privacy products, American Express cardholders will be able to make purchases on the Internet with a one-time-use credit card number.

Stefanie Olsen Staff writer, CNET News
Stefanie Olsen covers technology and science.
Stefanie Olsen
5 min read
American Express today announced a new suite of online security and privacy products, the first of which is a "disposable" credit card number for its members.

As previously reported by CNET News.com, cardholders using the disposable credit card option will be able to log on to a secure Web site and receive a one-time-use credit card number to make purchases over the Internet.

The free service will be offered to small businesses and consumer cardholders within the next 30 days.

The company also announced

Meta Group says the idea of one-time "disposable" credit card numbers is potentially an important advance in security for online retailers as well as customers.

see commentary

a program called "Private Browsing" in partnership with Privada, a California-based privacy services company. The service, to be launched in November, will allow customers to "set the meter" on how much information is collected about them while browsing the Web or allow them to surf incognito.

The move to offer private payments could ease consumer fears that their credit cards are vulnerable to online theft. There have been several recent instances of credit card information and other personal data being stolen on the Web.

"This is truly unique in that your account number does not cross over the Internet at all," said Alfred F. Kelly, Jr. president of American Express' U.S. Consumer and Small Business Services.

Kelly said this initiative was the next logical step in the company's history of safeguarding consumers. American Express began offering protection against online fraud in 1998 for its members, saying that cardholders would not be liable for purchases made with a stolen card.

Cardholders will be able to sign up for the throwaway cards at American Express' Web site. Customers will fill out an online form and can opt to download software that will be easily recognizable by merchants that accept American Express.

When shoppers using the software get ready to buy something online, a "Private Payments" box pops up at the top of the screen and will ask for the customer's name and ID. The one-time-use credit card number then will automatically appear in the box along with an expiration date.

American Express is no newcomer to e-commerce. While its regular credit cards can be used to make purchases on the Internet, the company also has created services geared specifically to build consumer confidence on the Net. AmEx's Blue card, introduced last September, is embedded with a computer chip and comes with a free card reader, allowing customers to transfer credit card information directly to Net retailers.

Privacy concerns and online credit card fraud have sullied the appearance of Internet business in the past. In a recent survey, researchers found that a majority of Americans are concerned about online businesses collecting their personal information.

Exacerbating worries, a privacy breach at home furnishings retailer IKEA this week exposed thousands of customers' contact information, resulting in the company shutting down a portion of its site. Online retailer Amazon.com also had to fix a bug on its site that revealed numerous affiliate members' email addresses.

Credit card fraud is a particular hindrance to e-commerce. Jupiter Communications estimated last year that online retail sales will reach $40 billion by 2002 but said that figure could be almost $18 billion less if privacy concerns aren't addressed.

In July, a man was arrested for allegedly breaking into two NASA-owned computers and stealing credit card numbers that were used to make more than $10,000 in unauthorized purchases.

Earlier this year, a hacker who took advantage of a security breach in CD Universe's database demanded $100,000 in exchange for thousands of its customer names, addresses and credit card numbers.

Because credit cards are the primary means for shopping online, consumers worry about their safety, and privacy advocates are pushing for technology to protect purchases.

"When you go to buy something online you can only use credit cards, but they provide no privacy protection, and your name is right out there," said Lance Cotrell, president of Anonymizer, an online system for privacy. "So an effective, anonymous payment system is critical."

But such technology is just one answer to the privacy question.

"The real keys for an anonymous Web (are) baseline government protection with teeth--and (up-front) technology for users to protect themselves," Cotrell said.

Some privacy experts say they think the plan to give customers the ability to surf anonymously and buy with the disposable cards is a landmark event for the industry.

"It's the full monty," said Larry Ponemon, senior partner and global leader of the privacy practice for PricewaterhouseCoopers.

"This proves the point: If you're smart enough and work hard enough you can come up with solutions to privacy that do not diminish business prosperity."

Ponemon said the announcement will set the stage for more privacy companies and partnerships with brick-and-mortar concerns. "Other credit card companies will be fast followers using similar types of technology," he said.

The technology could be a boon for online merchants, which often bear the brunt of credit card fraud. Unlike credit card transactions at offline companies, in which the bank that issued the card is usually liable for fraudulent transactions, online merchants are typically forced to cover the losses. By limiting the number of active credit card numbers used online, occurrences of credit card fraud may drop significantly.

Earlier this year, travel site Expedia recorded a fiscal third-quarter charge of $4 million to $6 million to cover the cost of fraudulent transactions on its Web site. The company said stolen credit cards were used to book travel reservations.

American Express' new technology, which is one component of today's announcement, will give consumers a way to limit access to sensitive financial information and shop more easily at stores with an unproven track record.

The credit card and financial company also has set its sights beyond consumer e-commerce, cutting deals with several business-to-business players, including Ariba and IBM, to streamline business transactions and purchases on the Internet. Last month, American Express launched a new company, dubbed MarketMile, to delve deeper into electronic payment services in the business-to-business market.