14

I found this old question / answer that refer to the same problem: I used to generate a new virtual credit card number with BofA's ShopSafe service, set the credit limit / expiration date and I could be sure that the merchant couldn't charge more / later than those limits. This was a very, very useful service - naturally, BofA discontinued it (and called it "caring about my security").

Is this a trend in the industry? Are all the trustworthy issuers (read: large, well-known companies, like BofA) walking away from cards that provide this set of features?

Any suggestions on how to find this feature in a card?

Raj
  • 3,522
  • 5
  • 20
  • 39
xxbbcc
  • 241
  • 1
  • 5

2 Answers2

1

I'm writing an answer to expand on what @ceejayoz wrote in a comment on your question.

You asked,

Is this a trend in the industry? Are all the trustworthy issuers (read: large, well-known companies, like BofA) walking away from cards that provide this set of features?

Ultimately, yes - this is a trend. And there are a few reasons behind it, but basically it's because there are solutions available now which do a better job at the actual function you're trying to fulfill.

Historically, consumers generated and used single-use card numbers with fixed (low) limits as a way to protect their real credit card number from getting stolen during a transaction, and/or as a way to "limit" what a merchant could (potentially fraudulently) take from their account.

However, these virtual credit card numbers are an imperfect solution. There's essentially nothing stopping someone from stealing it and using it before the merchant can, once you've generated it: there's still a portion of the process that's vulnerable, because it's being done by users through user interfaces. That means there's a (fail-able) human element involved.

Further, virtual credit cards with artificially low limits could cause issues with merchants who may have legitimate reasons to charge you more or otherwise to alter the transaction after the fact.

Luckily, there are better solutions these days: most notably, electronic wallets (i.e. Apple Pay or Google Pay) which essentially do a better, automatic version of the same concept, but without the same issues. Essentially, when you use your card via an electronic wallet, the merchant gets a token to use for the transaction, so your actual card number is protected. That token is basically useless outside the scope it was created for, so it's more secure than a single-use card number. Also, since it's created and used automatically, and never directly available at the user interface, it's harder to steal (no one can shoulder-surf and write it down). Further, merchants get more flexibility to manage the transaction than they had with a single use card number, so it avoids the potential issues for merchants, as well.

These changes have lead to the trend you're seeing - card issuers are phasing out the single-use-card function because - for the most part - all parties involved (merchant, consumer, bank(s)) are better off by not using it any more, and using electronic wallets instead.

dwizum
  • 17,100
  • 2
  • 44
  • 61
0

According to this post on reddit:

BofA ending ShopSafe

It says

BoA is discontinuing ShopSafe.

I have been having a lot of issues as well getting virtual debit accounts via Stripe. Similar to what you're trying to do.

The conclusion that I came up with is two-fold:

1) Anti-money laundering - the regulators are cracking down on institutes on this. It's forcing them to be more risk-averse.

2) Charge Backs - If a retailer gets too many disputed chargers it can affect their rating and then get shut down.

It looks like this is not just BoA stopping things like this but most institutes. In a bid to reduce risk :(

Ben Miller
  • 116,785
  • 31
  • 330
  • 429
Chris Evans
  • 246
  • 1
  • 7