Do Virtual Credit Card Numbers Really Protect You?

For years, credit card issuers such as Citi, Discover and Bank of America have touted single-use card numbers, or “virtual credit cards,” as a means of thwarting credit fraud. Generally speaking, the idea behind virtual card numbers is this: consumers download a piece of software to their computer that generates a new credit card number for each transaction, potentially allowing the creation of card numbers for specific merchants with set credit limits and expiration dates. These numbers can be used either online, over the phone or through the mail, but not anywhere a physical card is required.

Though their use is free, consumer adoption of the technology has been low, prompting American Express to drop the feature several years ago. The latest revelations about the limitations of virtual card numbers, as reported in this SD thread, are not likely to help spread their use, either.

The claims, in fact, are a bit unsettling.

According to the original poster on SD, a merchant was able to successfully use an expired virtual credit card number to make a fraudulent charge:

They used an expired ShopSafe number from a couple of years ago. Not only was it expired but it was for more than the limit I had set for that number.

I was shocked that Bank of America had accepted the clearly bogus charge from an expired and over the credit limit virtual card number. The ShopSafe CSR explained that if a merchant used a manual claim (rather than electronic processing) that they were legally required to accept the charge and it was up to the customer to spot the fraud and dispute the charge. WTF! Apparently, if you’re a crook just make sure you submit manual charges and all will be well.

Later in the thread, another poster, who claims financial industry experience, writes this:

Typically, when a merchant runs your credit card through, virtual or real, they get an authorization number form their processor that this is a valid card and than the merchant can claim their money through this authorization number.

However, an authorization number is not required. Any merchant can just bill the account based on account number and expiration date regardless of whether or not this is an active account or expiration date. The bank will pay them in this scenario as well.

So, apparently there are no automatic safeguards in place if the merchant processes the charge as a manual claim.

It should be noted that most people in the thread that had experience with Citi’s virtual account numbers felt that they worked as expected, blocking unauthorized charges. So on the surface it appears that Citi’s system may have more safeguards in place than Bank of America’s.

What’s the moral of the story here? It appears that virtual card numbers do not offer a level of protection as robust as credit card companies would like you to believe. In the scenario where the merchant manually processes a fraudulent claim, the consumer can easily initiate a chargeback, assuming they notice the charge. But unfortunately, that would seem to defeat much of the purpose of virtual numbers in the first place. With or without virtual numbers, consumers will need to remain vigilant in watching their statements for unexpected charges.

Want to keep up with the latest credit card deals?


  • NOJ

    What virtual credit cards are out there?
    Are there any virtual credit cards that don’t charge anything to open an account? My first time visiting your website. And I don’t know how to use search engines?

  • Michael

    My Citibank virtual credit number failed me. I placed an order from an online merchant with it using an expiration date and spending limit, even closed the virtual credit account number before it was used fraudulently 4x.

  • Anon

    I don’t believe any of the b.s. written in this article to try to get people to not want to use virtual cards. I do NOT believe they have any problems at all. I’ve never had a problem with mine being fraudulently used EVER. The only reason consumer use has been LOW has been that none of these credit card companies like to spend the money to offer the feature and do NOT advertise it.

    I believe this webpage is written in collusion with the credit card companies who want to drop the feature and are making up lies about fraud. The only fraud I ever was victimized by was from the physical card before I started using Shopsafe. If they discontinue virtual cards I won’t be using credit cards at all.

Leave a Reply

Your email address will not be published. Required fields are marked *