Welcome to WebmasterWorld Guest from 107.20.54.98

Forum Moderators: buckworks

Message Too Old, No Replies

Paypal Virtual Debit Card beta out

     
1:36 am on Dec 25, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:July 16, 2001
posts:2006
votes: 0


[paypal.com...]

This is a Windows (setup.exe) application that you install. The program generates a one-time use throw away MasterCard number. The functionality is similar to MBNA's ShopSafe feature.

The FAQ is here: [paypal.com...]

[edited by: encyclo at 12:48 pm (utc) on Dec. 25, 2006]
[edit reason] fixed link [/edit]

5:16 am on Dec 25, 2006 (gmt 0)

Junior Member

5+ Year Member

joined:Aug 10, 2006
posts:86
votes: 0


wow thats great news!
5:30 am on Dec 25, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 21, 2004
posts:369
votes: 0


Great! It is a very nice feature.
6:40 am on Dec 25, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:July 8, 2003
posts:431
votes: 0


I can see this becoming the standard for all online transactions involving a major credit or debit card. Account information theft is thwarted and online retailers can breath a sigh of relief.
6:55 am on Dec 25, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member jtara is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 26, 2005
posts:3041
votes: 0


Of course, Paypal now becomes a HUGE target. But I'd rather have one point of vulnerability than dozens.

This should be a standard Mastercard/Visa feature. Paypal beat them to the punch.

I've been using Disposible Email Addresses for website registration and online commerce for some time. This is a logical extension.

7:24 am on Dec 25, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 31, 2003
posts:1316
votes: 0


I'd rather have one point of vulnerability than dozens.

That's the whole reason why I like Paypal.
7:28 am on Dec 25, 2006 (gmt 0)

Full Member

10+ Year Member

joined:Mar 23, 2005
posts:331
votes: 0


For those with mastercards, this has been out for some time. Its nice to see its been integrated with paypal now. Prior to this, if you used a disposable credit card # with paypal, it'd store that # for future use without realizing that the number would no longer be valid after that purchase.
9:56 am on Dec 25, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 10, 2004
posts:1342
votes: 0


"To find out if you qualify for all features of PayPal Virtual Debit Card, including virtual card numbers, review the PayPal Virtual Debit Card Checklist."

Where do I find out to see if I qualify to see the paypal virtual debit card checklist? ;)

None of the links seemed to work. Just get punted to the profile summary page.

But I'm Canadian, so maybe that's why I can't access anything. Either that or the website is buggy / got pulled.

Anyone else from Canada able to access the virtual debit card?

Happy Holidays.

11:01 am on Dec 25, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 25, 2004
posts:2156
votes: 0


Hi,

There are many other on-line providers of virtual (ie throw-away or single-use) VISA/MC numbers. I know, since I was CTO for one of them...

It *is* a very kewl idea, and stops all sorts of fraud dead in its tracks.

Rgds

Damon

7:31 pm on Dec 25, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 18, 2003
posts:1925
votes: 0


I was thinking for several years when something like this will come out. Great feature! Finally people can have 100% trust in online shopping. To sum up my post: awesome!

Anyone else from Canada able to access the virtual debit card?

Second that question.

7:33 pm on Dec 25, 2006 (gmt 0)

Full Member

10+ Year Member

joined:Mar 23, 2005
posts:331
votes: 0


There isn't 100 percent trust in a transaction. In fact, if they somehow got access to the generator, it'd be harder to stop them/detect them and they'd be able to victimize one person for longer.
7:41 pm on Dec 25, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 25, 2004
posts:2156
votes: 0


Hi rohitj,

I think that you need to support that statement.

I can't say that would have been true in our case, and indeed some of the links in our chain were designed to be fragile and break if someone pulled too hard.

Rgds

Damon

7:47 pm on Dec 25, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member jtara is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 26, 2005
posts:3041
votes: 0


For those with mastercards, this has been out for some time.

ALL Mastercards? Or only certain banks?

I certainly haven't heard of this. They seem to have done a terible job of marketing if this is true.

9:24 pm on Dec 25, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 25, 2004
posts:2156
votes: 0


Hi,

Certainly VISA has the concept of the "virtual" VISA card which can be put to a number of uses (it just has no issued plastic). But VISA is not a bank (or other retail financial institution, it is a trade club of them) and usually does not create/market new products directly for retail, mainly the brand concept. You need a third-party institution to directly create and market new such retail products, such as the one I referred to. You may not have heard of us because our marketing and budget was a little lower than VISA and some banks. B^>

But a little Googling will find the company that I am referring to, and others, and so far as I know Canadians are welcome.

Rgds

Damon

9:40 pm on Dec 25, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:Feb 25, 2003
posts:418
votes: 0


Looks like this beta is available in the USA only. There is no option for any such card in my Indian Paypal account.
12:21 am on Dec 26, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Oct 10, 2001
posts:731
votes: 0


DamonHD wrote:

I think that you need to support that statement.

I can't say that would have been true in our case, and indeed some of the links in our chain were designed to be fragile and break if someone pulled too hard.

I don't think rohitj needs to.

There isn't 100 percent trust in a transaction.
This is the only statement rohitj implies to be a fact, and since I do not trust such transactions completely, therefore rohitj is correct.

In fact, if they somehow got access to the generator, it'd be harder to stop them/detect them and they'd be able to victimize one person for longer.

I do not believe the 'card generator' is complex - it is just hard to get to.

I believe the security will fail first at the weakest point - end user. There will be mock sites of card generators which require to enter the full-card information, or some variant thereof.

The problem may not be at the banking institutions but the user apathy toward security, and general misconception of what is and is not secure.

Still, I am delighted PayPal is implementing this. It will eliminate some credit card fraud. Bad timing of course - should have been implemented in October, before the Christmas shopping rush.

[edited by: Tapolyai at 12:21 am (utc) on Dec. 26, 2006]

2:14 am on Dec 26, 2006 (gmt 0)

New User

10+ Year Member

joined:Dec 10, 2005
posts:5
votes: 0


My Swedish bank has supported creating one-time-use Mastercard numbers for several years. You have to be eligible for a real card first though, and access the bank with secure ID verification.

There is seldom any reason to give any other type of credit card numbers when shopping online. At my bank you can even create a card which is good for multiple purchases (up to a limit you decide) until a set expiration month (which is also decided by you when creating the card). The same options should be possible to implement for other banks (or Paypal).

[edited by: ADovervik at 2:20 am (utc) on Dec. 26, 2006]

8:48 am on Dec 26, 2006 (gmt 0)

New User

5+ Year Member

joined:Dec 21, 2006
posts:2
votes: 0


I've already used this function alot, citibank offers this as a protection for online transactions... But paypal bringing this feature will have more users protected than before I suppose.
11:01 pm on Dec 26, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:July 16, 2001
posts: 2006
votes: 0


I used the Virtual Debit Card because a I ordered from today did not provide a HTTPS link. Can you believe that?!
11:31 pm on Dec 26, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 31, 2003
posts:1316
votes: 0


Yeah, I believe it, though some sites are unsecure up until you click Submit, and then they post to an https url.
4:30 pm on Dec 27, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 20, 2004
posts:2377
votes: 0


Yeah, nice to see Paypal catching up. I've been using this feature with my Visa card for about 5 years now.
1:31 am on Dec 28, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 16, 2002
posts:794
votes: 0


I don't really like this at all. As a merchant that sells jewelry (transactions of $10,000 or more sometimes), my website generates about 40% fraudulant transactions that we hand-sift through and reject (no automatic credit card processing, the information is saved and manually verified).

We physically pick up the phone, call Visa, MC Amex, Discover, and get the phone number for the card issuing bank. From there we call to verify the billing address. We also ask them to kindly look to see if there's any pattern of suspisious activity and tell them how big a transaction we're going to run, what it's for, etc. We also ask them if the address has been recently changed. Sometimes they'll let us know if there are any red flags, and often times we have to make a gut-feeling type of call of whether to process it or not. Sometimes I go so far as to even check who the phone numbers are registered by doing a reverse white pages lookup, or even sometimes I have looked up the tax assessor's information for that cardholders residence to see if they're the actual owner. (I'm not going to ship a $50,000 ring to some shmuck in an apartment in the Bronx).

Anyone who uses paypal knows the risk of chargeback is still there and there's virtually no support if you process through paypal and get ripped off if you're a merchant.

To be honest I'd rather not accept any payments of this type at all. I'll tell my customers if I can't physically call their bank and verify the info the order will be cancelled. If this feature was offered by the VISA/MC or whatever company directly it would be of value since you're talking to the same people. But adding one more layer of processing with miserable support like paypal is not something I'd be willing to go through.

If VISA/MC did something to make CC-processing safe for both merchants and cardholders I think it would be quickly adopted. This is just crappy. I will not accept these types of payments... maybe for $200 gold chains but not $10,000+ diamond rings.

1:41 am on Dec 28, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 6, 2005
posts:670
votes: 0


born, interesting post, from a point-of-view I hadn't considered. Thanks for the insightful observations.
9:53 am on Dec 28, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 25, 2004
posts:2156
votes: 0


Hi

One of the features offered by the company I mentioned was to remove much of the risk of chargebacks from merchants because we have the user money in the account first and verified before we let the user spend it. So (a) we don't do credit and (b) we DO know who they are if the police come calling, as it clearly says in the Ts&Cs.

So, although your position is a very difficult one, a virtual card need not be a bad thing for you to handle.

(And yes, when one of my unrelated plastic cards was cloned the scumbags immediately tried to use it to buy jewelry, and I think they got it out of the shop before they were rumbled.)

Rgds

Damon

[edited by: DamonHD at 9:59 am (utc) on Dec. 28, 2006]

9:56 am on Dec 28, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:June 26, 2005
posts:83
votes: 0


Anyone who uses paypal knows the risk of chargeback is still there and there's virtually no support if you process through paypal and get ripped off if you're a merchant.

To be honest I'd rather not accept any payments of this type at all. I'll tell my customers if I can't physically call their bank and verify the info the order will be cancelled. If this feature was offered by the VISA/MC or whatever company directly it would be of value since you're talking to the same people. But adding one more layer of processing with miserable support like paypal is not something I'd be willing to go through.

Yep, PayPal is just a layer of crud that I don't need either...

5:31 pm on Dec 28, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:July 16, 2001
posts: 2006
votes: 0


> I will not accept these types of payments... maybe
> for $200 gold chains but not $10,000+ diamond rings.

Is there some consistency in the numbers issued by Paypal Virtual Debit Card (i.e. the first four numbers)? Are you rejecting them in an automated way? Or will this also be a manual process?

5:48 pm on Dec 28, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:Jan 10, 2005
posts:168
votes: 0


While privacy is one of the benefits of the Virtual Debit Card, keep in mind that it might also be used by PayPal account holders who don't otherwise have a credit or debit card they can use on your website. (They may just have a Verified bank account for funding purchases.) If your site doesn't accept PayPal, and only has credit card options during the checkout, then the Virtual Debit Card is one way for those PayPal account holders to make their payment. Even if your site lists personal checks or money orders as available payment options, these customers might prefer to use a Virtual Debit Card number to make an instant payment instead of waiting for the payment to be received via mail.

Of course, it's still up to you to decide which payments you will accept and how to manage your risk. :-)

9:44 pm on Dec 28, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 25, 2004
posts:2156
votes: 0


Hi,

Every VISA/MC/etc card number starts with a unique 6-digit "BIN" (Bank Identification Number). You can block by BIN if you want to (though nothing stops BINs being shared between some different uses). The BIN indicates a sponsoring bank (within the VISA/MC/etc scheme), the card scheme, and other stuff like the currency for that range of cards...

You'd need a big look-up table to decide what to do given a card's BIN...

Rgds

Damon

4:18 am on Dec 29, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 16, 2002
posts:794
votes: 0


Its not really that hard. You just call VISA or MC, punch in the card #, and it gives you the card issuing bank. For Visa its 1-800-847-2750, MC is 1-800-300-3069. Once you get the phone number of the card issuing bank (like Chase, or MBNA or Bank of America, etc) you just call them up and ask to verify name and address. Pretty straight forward. Then you can try to get more info from them like if the address has been recently changed (usually the case with fraud) or if the large purchase is out of their typical shopping behaviour, etc... most banks will cooperate somewhat.

If I call that VISA or MC line and it tells me the card issuing bank is Paypal, you can bet I will be voiding that transaction, especially if its a big purchase! Or I will call up my customer and tell him how it is and if they can please use the actual card.

As far as cards that pull funds out of a bank account (no credit) those ACH transfers can still be reversed. The only thing that cant be reversed is a wire transfer. I usually offer my customers a 5% discount for large purchases even though CC processing is only 2.4% or so, because it lets me put my mind at ease and the customer is usually very happy to get the discount. If someone is going to pay cash electronically, then why not do a wire transfer and save a good chunk of change, especially on a large purchase?

My industry is a bit unusual because jewelry has no serial number, and can be dismantled, melted down, etc and sold as scrap, loose gems, etc. So we are always targets of fraud.

10:17 am on Dec 29, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 25, 2004
posts:2156
votes: 0


Hi,

Yes, for your industry and transaction size, I'm sure you're doing the right thing.

Credit cards are really more for the middle ground of middle-sized transactions for ordinary goods and services between counterparties unknown to one another where risks are small or moderate.

Rgds

Damon

This 35 message thread spans 2 pages: 35