Avoiding untrustworthy vendors is sound advice, but it is not always straightforward to evaluate them ahead of making an online purchase for the first time. This article introduces virtual credit cards, the reasons for needing them, and how they work as a viable countermeasure to reduce or avoid fraud.
A virtual credit or debit card works in the following way:
- New bank account – you first need to open a bank account that supports this feature to use virtual cards. This part of the process is the same as other bank accounts. Your existing account may already include such a feature.
- Create a virtual card – using your bank’s online portal, create a virtual card. The virtual card will include the 16 digit card number, the expiry date and the Card Verification Value (CVV) number found on the back of physical cards. The difference is that your bank will create the virtual card instantly.
- Make purchases – use the virtual card details to make online and telephone purchases without disclosing your physical card details
- Delete your virtual card – deleting your virtual card will immediately block all further transactions. You can keep your card details for multiple transactions or delete your card once a single transaction is complete.
Reasons for implementing these countermeasures include:
- Online accounts that don’t allow card removal – as customers, you should have the option and the right to delete your card details, but in practice, many vendors have not implemented this and refuse to cooperate if you ask for the removal of your details
- Avoid subscription scams – some vendors have hidden terms and conditions that state that you are joining a club by making a purchase. Consequently, the vendor takes money from your bank account and adds it to your online vendor account, ready for future purchases. This type of purchase deviates from how people buy goods and services and, combined with the fact that very few people read terms and conditions on websites because they are too long and convoluted, this can catch people out. This kind of behaviour will show up when reading online reviews.
- Stealth auto-renewal – vendors often keep hold of card details and set payments to renew automatically without informing their customers, either during the initial purchase or ahead of renewals
- Reduced need to cancel physical bank cards – the option to create and delete virtual credit cards means that if anything untoward takes place involving your bank account, it will not be necessary to request a replacement card. Removal of virtual cards will eliminate the risk.
- Free trials – many services offer free trials and require the use of a credit or debit card so they can take payment from your account at the end of the free period unless you choose to cancel the service. You must ensure that you are not legally obliged to make payments if you fail to cancel a service explicitly. Use of virtual cards for trial registration followed by immediate deletion will offer protection against vendors that:
- Make it difficult to cancel services
- Mislead you into believing you have cancelled a service
- Don’t respond to customer support requests for cancellation
- Refuse to let you remove your card details
Banks are unlikely to investigate issues if you have given your card details to a vendor and will likely tell you to speak to the vendor to resolve the problem. The outcome will depend on the overall credibility and trustworthiness of the vendor.
Other countermeasures include:
- Looking for reviews online – vendors often have reviews and testimonials on their websites, third-party websites, and discussions on social media. Sadly, fake reviews are commonplace, so you can’t always trust what you read.
- Looking for online complaints – if a vendor misbehaves, refuses to cooperate with their customers in resolving problems, customers lose money, or gets upset for any other reason, complaints will find their way to review websites and social media
- Only having the money you need for the transaction in the account – works if your bank account doesn’t have any credit facilities attached to it, so you can never have a negative balance. The vendor can never take more than expected during the first transaction. Even with free trials, it is possible to have items added to your shopping basket by default or pre-selected checkboxes, including a surprise purchase.
Remember that when you give your credit or debit card details to a vendor, you have no control over how they store or use them. The countermeasures here assume Zero Trust – you don’t trust the vendor from the outset.
Robert is an information security professional with over 20 years of experience across a diverse range of organisations, both in the UK and internationally. Robert graduated in 1997 with an honours degree in software engineering for security and safety-critical systems. Robert is contactable directly through Telegram.