Master Your Card

A friend of mine has a Citibank credit card and has frequently used their virtual credit card number program. For those unfamiliar with the program, essentially, the consumer downloads a free piece of software that generates virtual credit card numbers. The consumer can then assign an expiration date and a set limit to the card. The idea behind the program is that it limits the exposure to your actual credit card information. Instead of using your real credit card information online or over the phone, this allows virtual numbers to be used that are then routed back to your account through Citibank.

On the surface, this sounds like a great program that really helps prevent fraud. For all intents and purposes, I suppose it is; however, there are a few kinks that still need to be worked out.

My friend recently got his credit card bill in the mail and noticed an unfamiliar charge. When he investigated the charge, he discovered that a merchant had pushed a sale through using an expired card that was also over the limit parameters he set to begin with. Concerned, he called customer service. The representative explained that the merchant used a manual claim as opposed to an electronic one, and that they were legally required to pay the claim. It then became the consumer’s responsibility to report any fraud.

Ok, so let’s take a look at this. The program which Citibank designed to help prevent fraud has a very big loophole in it. All it takes for the crooks of the world to steal our money is to get a hold of one of these cards and submit a manual claim. Then they walk away with the cash while it’s left up to the consumer to report it. And, let’s say the consumer doesn’t look at their statement too closely and misses it until they do an audit – assuming they do one – but it’s past the 60 days consumers are given to dispute charges. Do they have to suck it up because of Citibank’s weird loophole?

So, to give it a whirl and see how protected he really was, my friend tried a new virtual credit card number. He was eying a new desk top computer he’d put together at Dell.com and he set the virtual credit card limit at $200. The computer he wanted was $700. He got his new virtual number and went over to Dell.com to pay. What do you know? The $700 charge went through, even though the limit was $200. Again, my friend was concerned, so he called customer service and asked about it. He was given the same story as above. He asked if merchants ever submitted anything electronically and the representative told him of course they did.

In my opinion, the concept is a solid one. Clearly there needs to be some enhancement in security measures because it seems that it’s fairly easy to work around the system. I believe the frustration for my friend is that he can’t seem to get a solid answer on why it’s occurring. Perhaps it was coincidental that both of the merchants in question submitted a manual request; however, Citibank isn’t the only one with virtual credit card numbers having issues. Apparently, Bank of America and Paypal’s systems have some of the same issues.

But, that leads me to believe that it may be a network problem and not necessarily anything with the banks. I can tell you from experience, when several companies are using the same system software, getting something changed is a hassle because it has to be changed on everyone’s system. Other companies may object to the changes and to do it solely for one company costs quite a bit of money. So, that may be the overall problem. Even still, I would think that customer security would be a sufficient reason to have these problems fixed, if it is that they are all on the same network for this program.

So what do you think? Are these virtual numbers, overall, worth it? Or does it not really matter given the loophole?