Are Online Payments Safer with One-Time-Use Debit Card Numbers?

Are Online Payments Safer With One-Time-Use Debit Card Numbers?

In late 2010 Google came up with a brilliant way to authenticate into its accounts across the web that adds an extra layer of security to your login. The idea behind Google Authenticator wasn’t novel, but it popularized the idea of one-time passwords (OTPs). Having a discardable authentication method that can only be used once makes it nearly impossible for any one account to be hacked, even if the hackers knew the password. A startup called Privacy has created a solution that uses a similar concept for debit cards, generating a “proxy” credit card number each time you need to make a payment online.

The Mechanism


The way a “throwaway card” works is very simple: You input your card number into an application that guarantees its safety, and the application spits out another number. This way you can make a payment using your debit card without revealing its real number to the company on the receiving end of the transaction. In theory by masking your number, you have more control over your financial data. This also makes it easy to cancel a number without having to go through the hassle of getting a new card from your issuer.

How It Makes Online Shopping Safer


Sniffing out credit card numbers online has become a very lucrative way to score some cash. Breaches like the one that Target suffered in 2013 have left millions of consumers exposed to this kind of fraud. Using a throwaway number, however, minimizes the risk of having your card information swiped from you. Using Privacy as an example, you can establish each throwaway number to be used for one particular service (one virtual card for Netflix, another for Spotify, etc.). This way when hackers manage to steal that particular number, it will be useless except for that single service. Fraudsters are interested in using one card through several different avenues, so having such a restriction in place would take your number out of consideration for them.

Technically, you could also make a virtual card for one single transaction, making the number stored in the database useless for any further purchases. This makes you literally impervious to any fraud attempt.

Does It Work?

If hackers have no way of seeing your actual debit card number, there is no reason to believe that they’ll be able to inflict any financial harm. The only instance in which I think you’d be taking a risk is if someone has installed a keylogger on your computer before you input your real number into the application. To prevent such a thing from happening, you should ensure that your security software is up to date and avoid downloading software from dubious sources. If you want to protect yourself even further, make sure that you do not type up your debit card information and send it through a public Wi-Fi network. Online purchases should be made from home whenever possible.

Are there any other pieces of advice you have for people who shop online? Let us know in a comment!

Miguel Leiva-Gomez Miguel Leiva-Gomez

Miguel has been a business growth and technology expert for more than a decade and has written software for even longer. From his little castle in Romania, he presents cold and analytical perspectives to things that affect the tech world.


  1. Great idea, EXCEPT… They want the full login credentials to your bank. I understand they need to link to your checking account to get the funds their cards will need but why do they need access to ALL of my bank accounts and services in addition to the checking account? Talk about giving away the keys to the castle!

    I like the idea of Privacy and would very much like to sign up but they are asking for way more than they need in order to make the required funds transfer work. (Paypal gets by with only links to your checking account and/or a credit card.) Imagine if they got hacked and your information was stolen; not only would the bad guys get your checking account but your savings account too, credit cards, and maybe some investment accounts. What other services do you use from your bank that you would feel squeamish giving unnecessary access to?

  2. And what about returns? Returns normally get credited back to the card you used to make the purchase. So…will the funds automatically be deposited back into your bank account, on remain on a single-use virtual card with a number you didn’t keep track of?

  3. Discover Card had this until a few years ago. You ran an app from their site and got a temporary credit card number, good for one purchase. Discover kept track of the number in case you return an item. It work great. Don’t know they discontinued this service.

  4. Sounds like a really good idea. However, this company doesn’t have access to all Banks or Credit Unions. I just tried to sign up and my Credit Union was not listed, while, PayPal does. Though PayPal does not give you a virtual card number. I do realize that Privacy is a start-up company and it takes time, to contact all Banks and Credit Unions. I submitted my feedback to see if they will include my Credit Union. Bottom line, I do like the concept. :)

Comments are closed.