A Bear's Face on Mars Blake Lively's New Role Recognizing a Stroke Data Privacy Day Easy Chocolate Cake Recipe Peacock Discount Dead Space Remake Mental Health Exercises
Want CNET to notify you of price drops and the latest stories?
No, thank you

Commentary: AmEx plan lessens risk for customer, merchant

The idea of one-time "disposable" credit card numbers is potentially an important advance in security for online retailers as well as customers.

The idea of one-time "disposable" credit card numbers is potentially an important advance in security for online retailers as well as customers.

The major potential risk in e-tail is not the interception of an individual's credit card while it is being transmitted to an online store. Rather, the larger risk is the retailer's database being broken into and all the credit card information that it has accumulated over time being stolen.

Security experts have

See news story:
AmEx unveils "disposable" credit card numbers
been sounding the alarm about this risk, but so far only limited techniques for securing these records exist. As a result, retailers have been forced to face a major and increasing business risk of liability for the theft of credit card information.

American Express' introduction of one-time-use credit card numbers is a creative idea for alleviating that risk, both for the individual making an online purchase and for the retailer. As important as this is, however, META Group believes that it is only the first of a series of e-commerce services that the company and other financial services players may announce, ranging from credit card aggregation to consolidated bill presentment and payment and culminating in much more sophisticated risk management.

From the merchant's standpoint, we believe that many retailers will be able to outsource transactional security and even broader risk issues. We believe that AmEx and other major credit card institutions are in the best position to offer new solutions to take advantage of multiple-channel retailing and enable customers to make purchases online and offline in a secure format while addressing both privacy and security concerns.

Beyond basic economics, many merchants use credit card numbers to track and analyze customer data. One-time-use credit card numbers will force these merchants to stop this "worst practice," and either track customers based on different identification or pay the financial services provider to run the analyses.

We are also concerned that disposable credit cards may significantly increase the complexity of financial tracking. How well will a customer service representative be able to track numerous charges made to a real credit account through disposable numbers? Not only will there be more numbers to track, but their ephemeral nature will also make it difficult to reconstruct complex purchases.

We expect other large brick-and-mortar financial institutions to enter this competition aggressively with their own sets of services to support e-commerce. CapitalOne is already advertising its services. This market trend reinforces our overall conclusion that the winners in e-commerce will be companies that develop effective hybrid strategies in which their online and traditional business models combine to reinforce each other. In this case, the major financial institutions are starting to use their mastery of traditional financial businesses and great resources to move aggressively in the e-commerce space. Online-only institutions will be hard-pressed to hold onto their market share against this competition.

In effect, by offering one-time-use credit card numbers, AmEx is taking on some of the risk of online retailing. This move also has tremendous implications for alleviating the huge computer loads that effective security for e-commerce transactions will generate.

However, retailers will still need to authenticate the customer, provide security for the connection between the customer and his or her sites, and also ensure that the connection from their sites to AmEx and to their own background processes--and to any third-party retailers involved in the transaction--is secure. Finally, they must still ensure the security of any databases they have that maintain information on their customers, even if that does not include usable credit card numbers.

Meta Group analysts Dale Kutnick, Peter Burris, Val Sribar, David Cearley, Gene Alvarez and William Zachmann contributed to this article.

Entire contents, Copyright © 2000 Meta Group, Inc. All rights reserved.