Thursday , December 12, 2024

A New Card Aims to Combat Data Breaches with Unique Numbers for Each Transaction

Consumers are weary of dealing with the fallout from data breaches and want a better way to minimize their risk. The backers of Final, a new credit card with online-management tools that can set spending caps and produce virtual card numbers tied to specific merchants, hope to alleviate some of that dread.

To be tested with a limited number of consumers later this year, Final is not creating a payment method outside of existing networks, and it will operate on either the Visa Inc. or MasterCard Inc. network, Ben Apel, co-founder, tells Digital Transactions News. “We are not attempting to build our own infrastructure,” Apel says. Because of that, Final will not need to get explicit merchant adoption or require point-of-sale hardware upgrades, he says.

Final will have a chip for Europay-MasterCard-Visa (EMV) transactions and a magnetic stripe. Cardholders can use a companion app to manage the card.

Boulder, Colo.-based Final is concentrating on the consumer experience. “For a Final user, the payment experience for in-person, card-present transactions is no different than what they are currently doing to pay at a retailer,” Apel says. “The real difference is with online payments and the ability to generate unique card numbers that can be restricted to spend limits, and have Final manage those numbers automatically.”

Consumers will be able to provide 16-digit card numbers unique to specific merchants, ensuring that if a particular merchant is breached it is only that card number, and not the parent one embossed on the Final card, that has to be replaced. For example, when shopping on an e-commerce site, a Final cardholder using a Web browser plug-in could generate a unique card number to use with that merchant. Final securely stores the card number.

Card-not-present payments, generally made online via a mobile device or desktop computer, are growing as more consumers sign up for music-streaming services and ride-sharing apps and make more e-commerce and mobile-commerce purchases. And that’s created demand for minimizing consumer anxiety over data breaches, Apel says.

As for the issuing side, Apel says Final is talking to prospective issuers, but he declined to say more. Final also is developing its risk model, and has not made a decision about who might be eligible for its cards.

To date, Final has more than 37,000 requests for the test, but only a limited number will participate, Apel says. Depending on the results, more cards will be issued.

In addition to developing the business side of issuing a new credit card, Final also has to convince consumers about the benefits. Apel acknowledges that consumers who want to be more proactive about their finances likely are early adopters of Final.

This is not the first time an organization has tried to meld online management with a credit card. In 2009, NYCE Payments Network LLC, an electronic funds transfer network, was working on a scheme to enable consumers to create multiple account numbers that all had one master account number.

Final’s success, however, is dependent on finding an issuer, Nathalie Reinelt, an analyst at Boston-based Aite Group LLC, tells Digital Transactions News. While EMV, tokenization, and geo-location capabilities already exist with other card programs, what’s different about Final is the capability to generate a different card number for each transaction, she says.

“That comes with a major downside, however,” Reinelt says. “Customers run the risk of getting caught up in merchants’ fraud-prevention controls and [having] their online activity rejected. If merchants see the same customer name and address with a different credit card number each time, which is a common fraud indicator, it could result in merchants declining those transactions and create a negative user experience.”

And, despite the scale and frequency of card-data breaches, consumers may not be ready for Final’s level of management. “I\'d also argue that consumers aren\'t laying awake at night worrying about the next data breach, considering they are absolved from the financial impacts of those breaches,” she says.

“Admittedly, updating all your card-on-file accounts with a new number is annoying, but that scenario is not happening at a frequency so daunting that consumers are demanding single-use credit card numbers. Final has an interesting idea, but we\'ll have to watch how it is executed and whether or not they can find an issuer to support them,” Reinelt adds.

Check Also

Google Sues the CFPB After the Agency Slams Google Over a Wallet It No Longer Offers in the U.S. Market

Google Inc. has sued the Consumer Financial Protection Bureau following the CFPB’s action Friday asserting …

Digital Transactions