Should You Use a Virtual Credit Card Number?

When Edgar Dworsky, a Massachusetts-based consumer advocate and founder of ConsumerWorld.org, shops through an unfamiliar website, he uses what's known as a virtual credit card number to avoid sharing his actual credit card number.

"With so many instances of online fraud and credit card numbers being stolen or hacked, either by [the merchant] or someone who might hack into their system," Dworsky says he doesn't want to take any chances that could compromise his credit card. He also uses a virtual credit card to avoid automatic renewals of services he doesn't want to continue.

[See 10 Ways to Improve Your Finances in 2011.]

To generate a 16-digit virtual credit card number, which is linked to his regular credit card, Dworsky estimates that he spends less than 60 seconds to log into his credit card account, click a few boxes, and set the expiration date. Then he types those 16 digits, the expiration date, and the security code into the merchant's website to complete his transaction.

Virtual credit card numbers aren't new, but even with recent security breaches like the one involving Sony PlayStation earlier this year, surprisingly few consumers use them. In fact, American Express discontinued its virtual credit card service in 2004, reportedly due to lack of interest, and Discover discontinued its service in early September. However, several other issuers, including Bank of America and Citi, still offer them.

As Robert Siciliano, a McAfee Consultant and identity theft expert, explains, "A virtual payment that takes place online or over the phone, without physical inspection of the card, is considered a 'card not present,' or CNP transaction. In a CNP transaction, it is not possible to examine a card's security features or signature."

[See the Biggest Money Mistakes Couple Make.]

For CNP transactions, the virtual account number works the same as the number on a physical credit card, but within the time and monetary limits set by the user (Dworsky says he always sets his to expire in two months.) "You can have a number of different merchants with a number of temporary numbers," says Siciliano. "The retailer has no idea that this is a different number."

If your regular credit card offers rewards, you can earn those same miles or other rewards using a virtual account number tied to that account. And while Dworsky says he's never had an issue using a virtual credit card, it could potentially create confusion if, for example, you ordered movie tickets online, and then were asked to swipe a credit card at a theater kiosk to pick them up.

So, does this option create an extra layer of security or simply create extra hassles for consumers?

Experts disagree on this point. "It's probably more secure than your existing card number because you have the ability to set limits on it," says Siciliano. "Those limits are where the layer of security lies. For example, if you just give your regular account number, then anybody who gets ahold of that number going forward can use it to make unauthorized charges."

[See 6 Ways ID Thieves Steal You Credit Card Number.]

But according to John Ulzheimer, president of Consumer Education at SmartCredit.com, virtual credit cards are actually more helpful to card issuers than consumers because they reduce the amount of fraud the card issuer has to absorb. Under federal law, your maximum liability per card is limited to $50, assuming you report a lost or stolen card. That's why Ulzheimer says he's never used virtual credit card numbers and doesn't think they're necessary.

In some cases, he adds, consumers who've had their card stolen or skimmed may not pay anything for fraudulent charges, assuming they notify the issuer within a reasonable amount of time. "It's so competitive out there that issuers are very willing to absorb that $50 amount because they don't want to lose a low-risk card-holder to a competitor," Ulzheimer explains. "It's very expensive to acquire a profitable customer."