Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
The Almighty Buck

AmEx To Offer "Disposable" Credit Card Numbers 221

A reader writes "American Express is going to allow card holders to access one-time use card numbers for purchases online. Not only could this cut down online credit card fraud but it might lead to anonymous purchases. " I'm not sure this gets us closer to totally anonymous purchasing, but it does mean that you can take more steps to protect yourself in online purchasing - now only one megacorp (Amex) could have your records!
This discussion has been archived. No new comments can be posted.

AmEx To Offer "Disposable" Credit Card Numers

Comments Filter:
  • Much easier than carrying cash

    But not entirely like cash... It can still be traced to _you_ if Amex add the one-shot CC to your ordinary bill...
    What I'd like to see is something akin to the phonecards - go into any supermarket/corner shop, hand over the moolah (in cash) and get a card worth the same amount. That's as close to untraceable cash as you'll get...

    Strong data typing is for those with weak minds.

  • But back then they were called "card generators" and you didn't have that nasty problem of someone actually wanting *money* for your anonymous purchase :)
  • ...That's where. :)
  • The combination of date, temp-ccnumber, and amount makes for more digits. These are checked against your original ccnumber when the transaction is sent to the card-issuer, which is more digits.

    Simple version:
    store submits charge.
    if (temp-ccnumber-digit16) XOR (original-ccnumber-digit3) XOR (day-of-week) == 6, you pass the test.
    Pass a suite of such tests, charge is authorized.

    Don't expect AMEX to tell you the actual checks performed. Only a small portion of possible checks need be "in force" during a given week or hour, too.

  • If they keep reusing numbers, I don't want to be the database guy having to write disgusting queries like "select $$$ from transactions_table left join temporary_cards left join members_info on ..."


  • Even though ever web designer in the world seems to think that a credit card number is 16 digits, the specs say they are 19. Take that and stuff it in your database :-)
  • by KFury ( 19522 ) on Thursday September 07, 2000 @01:54PM (#797467) Homepage
    (you know, the one where the governemnt has monitoring tools like Echelon and Carnivore)

    Anyhow, in hypothetical bigbrotherland, when you get cash from an ATM, it's trivial to include a reader into the ATM that will grab the unique, prominent serial numbers on the bills it gives you (in nice, clear, easy-to-OCR type donchaknow), and correltaes that money to you, a specific individual.

    Now you spend this twenty (yuppiebuck) at the market/gun club/peepmall and, being a twenty, it will most likely not be given as change to another customer, but will go straight into the deposit pouch that the store gives to their bank at the end of the day/week.

    The bank scans the money, correlates the serial numbers again, sees the path of the bill, and generates reasonable probabilities of the path it took through the system.

    Do this for a while and you get statistical certainties on cashflows, who spends what where, telling more about a person's cash habits than an FBI interview would.

    I've no idea if the system exists currently, but it's preposterous to think that cash is really anonymous, because cash literally isn't anonymous as long as it has a serial number. It may be anonymous enough for a given purchase, but in the aggregate it tells a great deal about you.

    Kevin Fox
  • Have you been to a Radio Shack or Sears lately?

    Those stores, among many others, try to get your personal information even if you want to pay cash. I remember arguing with a sales clerk for twenty minutes about whether or not I *had* to give my name and address to buy something with cash. He claimed that he couldn't complete the sale without the data. We finally had to call over a manager to deal with the issue.

    Experiences like that just leave me feeling icky...
  • Isn't the point that you wouldn't have to give out your CC # unencrypted to anyone?

    Yes, if they got your card number you'd be equally screwed, but this would potentially insulate you from merchants, dumpster divers, etc. from getting your number off the receipts.
  • I seem to think that if the cc companies have the opportunity to add A LOT more value to this one time credit card venture easily then they will, the writer of the article seems to think its about privacy also, you dont, do you have other information that you can share with us?
  • by thogard ( 43403 ) on Thursday September 07, 2000 @02:14PM (#797471) Homepage
    The first 6 are the BIN number. These are assinged to the banks or creditcard companies in major lots (so MasterCard gets only 5.* and Visa gets 4.*) but there are other 5's that have been assgned to non MasterCards. The short answer is that two cards with the same first 6 number will be issued by the same bank. Currently a given BIN range is also used to tell if its a "gold" as well.

    Different countries tend to use different number schemes. The US tends to use nice blocks of well defined numbers which makes scanning trivial. Other banks have even used fully random assignements.

    There is no check digit. The "mod 10" system used simply says the sum of the even digits plus the sum of the odd digits x 2 will be a nice mod 10 number. Go look at some of the perl code that does the check and then write the routine in assembly on a machine with BCD instructions. One is about 5 lines and the other isn't. The system was designed to catch transposed digits. if the card is 1234 then the system will catch 1324 and 2134 but not 3214 or 1432. These is also a 1 in 10 chance that bad card number will correctly checksum. Keep in mind that there are still places where those numbers are routinely hand keyd.
  • Smart cards hold the number of the beast and would signal the coming end of creation! It's the 7th sign! Repent NOW SINNERS! Stop surfing PORN! I know it's true 'cause that guy who slept with that whore that one time said so!


  • I saw this idea a few months ago, offered to me by my credit card company. I assumed they'd charge the amount to my regular card, and send me a finite-amount card.

    Contrary to all the posts here, they were promoting them for use as gift certificates. Interesting idea.
  • Well, since we're talking about one-use-only numbers anyway, I don't see very much of a difference between transmitting the number to the merchant encrypted or unencrypted, since it's going invalid right after that anyway.
  • US banks tend to verify it but many banks world wide don't. I do know that lots of system had the date check rejecting turned off for y2k and I suspect its been turned back on my now but maybe not.
  • As I said, we're talking about one-use-only numbers anyway. I don't see very much of a difference between transmitting the number to the merchant encrypted or unencrypted, since it's going invalid right after that anyway.
  • Hey,

    What I'd like to see is something akin to the phonecards - go into any supermarket/corner shop, hand over the moolah (in cash) and get a card worth the same amount.

    What I'd like to see is something akin to money - go into any supermarket/corner shop, pick up what you want, hand over the moolah (in cash) and get a box of groceries worth the same amount. Plus you wouldn't have to wait for delivery, like you would online.

    If that sounded sarcastic sorry, it wasn't meant to be.


    ...another comment from Michael Tandy.

  • There is no incentive for a private corporation to share customer data with federal, state, or local governments, especially when that data will frequently include their own directors', managers', and employees' information. The accounting department is more likely to be spending time finding ways to state the accounts so as to lower taxes, while the people who are most likely to be using the above SQL code are the ones in marketing departments, you know, for sales and profitability purposes.

    The best uses for disposable credit card numbers are to discourage tracking via account number by vendors(harder to join multiple purchases when the common factor isn't a single number field) and to reduce the risk that a cracker will access a vendor db and get active account numbers.
  • Didn't these prepaid cards already come out? I seem to remember reading (somewhere on /.) that these were available at your local 7-11. Link anyone?
  • You can add four digits because the required "expiration date" becomes arbitrary, can't you? Puts it back up to 10^16, maybe that helps? It can also give a "series number" for recycling. Say, use expiration dates with years around 50 years in the future...

  • I should have patented this.

    Start disposable credit cards, just like a phone card. Go to a supermarket or mall and pay cash for a "prepayed" credit card.

    The float would be a great profit center.

    But this would be a debit card on a cash account. Get it recharded when it runs out. Great way to launder cash too.

  • This would even protect you from the Club Card stores associating your credit card with your club card. Say that you pay cash for everything and also keep several club cards with bogus information on them. If you slip up and accidentally use a credit card, they can link up the club card accounts based on your CC number. With the new technology, they would not be able to do that so easily.

  • It seems to me that what would make the most sense would be that every account (with a regular old account number) would be linked to a number of "sub-accounts" that would be generated on demand.
    In short, the scheme seems to work like this:
    1. The AMEX system would open the account, linking it to a master account.
    2. The merchant then processes a transaction against the account.
    3. The account is set up to automatically close after one transaction is posted.
    4. The balance of that account is then transferred to the master account.

    Disclaimer: I don't know that it works that way, it just my inferences based on the article.

    The numbers could be linked to a master account by running the account number through some kind of one-way algorithm. Or maybe by picking them out of a pool of available numbers and assigning them in sequence.

    In any event, it's a really interesting approach, although I'm afraid that the number of valid mod-10 account numbers will diminish quickly. Sort of like the way IP addresses have.

    What I find MOST insteresting about this strategy is that it cuts down on an online merchant's ability to invade my privacy by using credit card numbers to link information in puchasing databases.
  • Incidentally, not having to pay for it is a different thing from the fraudulent charger being prosecuted. The fact that I can get stolen from, but since what to me is a significant amount is miniscule to these companies, means that ultimately these crimes go mostly unpunished.
    "The not a suicide pact."
  • They tried that in Swindon, UK, a few years ago. The card was called Mondex, and all the retailers in Swindon were provided with Mondex terminals to receive payments and to "top up" the cards with extra cash.
    That was four years ago, when I was in Swindon the pilot had been running for 2 years and nobody really used it. I guess that it was abandoned, 'cos I've not seen it elsewhere since... (now livinf in London)
    Maybe with this newfangled internet thingy getting popular, it may be worth another go...

    Strong data typing is for those with weak minds.

  • Account, name address and 2 forms of photo id?

  • While a respectable attempt at making online purchases more secure, I think this will ultimately be a failure.

    Obviously, American Express will have to get the disposable numbers to people in a non-secure manner. The only thing more nerve racking than having a credit card sitting in a mailbox where people can steal it is having several credit card numbers that don't require activation sitting in a mailbox where people can steal them. Of course, that statement makes some assumptions, but I think they are safe ones.

    How will they get the numbers to people? The internet? That's self-defeating. Via a phone call? Too many chances for human error. Especially when you consider that number will need to be even longer than they are now to avoid repeating. Snail mail seems to be the obvious answer.

    And what about activation? If the single-use numbers require an activation phone call, they'll be too inconvenient to use.

    This isn't the right solution, but it does show that the big players are looking for one. And that's a Good Thing(tm).
  • Regarding your third point: AmEx is not offering disposable numbers to just anyone (check the article). They are offering them to their customers -- i.e. people with AmEx accounts, who thus, one presumes, have met AmEx's standards of credit rating, etc. Thus this is no different than already having a credit card from AmEx, except that it can't be stolen (online). The numbers being instantly available on-line just means their customers will be more likely to go to the minimal effort of getting the more secure disposables rather than just typing their real AmEx# into ghu-knows what website.

    So the billing (wrt your second point) is no different: you get it on your AmEx card bill, is all.

    Think of the disposable # as an alias for your real number. In the same way people use hotmail accounts as disposable spam-filter accounts, these AmEx#s are disposable theft-filter accounts.

    So to use this, you need to apply for a regular AmEx account, and then you can get the disposable #s.

  • Even though your cash withdrawals are recorded, how you spend that cash isn't. Thus, it's more or less anonymous; I doubt big brother is going to correlate a $30 ATM withdrawal with the $5.99 of it you spend on a six pack of Corona at the grocery store.


  • I don't know who you talked to but I haven't found anyone that liked them that wasn't pusshing them. They take forever compared to cash. The only places I've ever seen that take Mondex just happen to be very close to MasterCards offices. There is also the issue of what happens when the card gets broken. I can still spend broken cash, a broken Mondex card is worhtless along with all the money stored on it.
  • Sorry, but this seems funny to me - the term "The income tax people" sounds like a corporate slogan, i.e.

    Network Solutions: The dot com people.
    The US Government: The income tax people.

  • So, do what I do. When you cash a check or withdraw money, get only one and two dollar (Jefferson) bills. No one would bother tracing them, they circulate a lot, and it fucks the system!
  • I've had this same idea for a long time. What took so long?

    But, first a personal aside, I'm a staunch capitalist, fiscal conservative, libertarian (i.e., less government), but when the US halls of power are run by whores prostituting their votes to the biggest special interest (lobbying group) I get angry! But, I believe there is hope, I've seen momentum building for nearly a decade against the influence that nothing decried by Americans seems to stop. Namely, abuses like nearly nil protection for Americans wanting control (less full control) over their personal information. It always comes down to the deep pocketed, with the aid of the power in charge of the capitol, who quickly reverse their moral stance against such a position as soon as they gain power, calling the agenda. Just such a thing occurred when the GOP gained the House and the Senate, lost to them since the 1950's, after the 1994 mid-term national elections. Riding the wave of change which Americans were churning began by the election of new young president, representing a new attitude - by Americans, not the man himself, he was just par for the course - there was an expectation for some real change to occur. Apparently not. Or should I say, it's still coming - that's my read.

    I see parallels, a new synergy, more importantly I see different manifestations of the same root gripe, in the violent/vigorous demonstrations in Seattle, Washington last year. Similarly, with protests during the presidential nominating conventions just a few months ago. The French farmer who defaced the local Mc Donald restaurant is part of this too. It's part of a sentiment which seems at first unrelated. No, not that globalization sucks, I'm not a socialist for heaven's sake. Rather, that individuals are, for their myriad reasons, angry and fed up with the naked purchasing of the process. The British have their euro-skeptic stance toward EU membership and the lack of sovereignty that Belgium running bureaucrats might exert over their national identity. Similarly, I see American's saying to hell with ridiculous patents made grant-able by a PTO obliged to follow guidelines paid for by deep pocketed interests investing (you call it tomato, I call it graft; others lobbying, political donations, and others soft money contributions) in the extension of their monopolies. It sure looks like corporate socialism. Further, UCITA, DMCA, lack of control over personal medical information, financial information, driver's license information and/or photographs. On and on it goes.

    I sure get sick and tire of being sick and tire about this. Listen, I'm not saying that it's the end of the world, but I sure as hell don't like to tell Amazon to take a flying a leap if they do a 180 on their privacy policy as easily as I prefer to just get results, if a disposable credit card number is one more weapon in my arsenal, great. But, as has been mentioned AMEX will just have the field all to itself. No ifs, maybes and of buts. Unless they apply something viral like a GPL kind of concept (policy won't change unless 100% of users give explicit permission, say) they'll ride you too, in their own way. Fuck that!

    Anyway, that leaves just one route for total privacy, either go the JD Salinger way: no credit cards, no phone number, no driver's license a reclusive sort of existence. Or lots of buffers between you and the world, a little Godfather thing here. ;-) Become Amish. Or, do the Howard Hughes thing, in later life mind you, incorporate yourself, use corporate shells, credit cards, etc. Nothing nefarious, you're just a guy, gal who likes to keep control of your destiny. After all the facts of your life are your personal history. And I shall write mine own. Nobody will read this anyway.

    Me pican las bolas, man!

  • Someone else encrypts your card number...

    Well, how does that "someone" gets your card number in the first place? The idea of the system is that you never transmit this new card number in clear.

    There's another weakness, though and here's the fix: the merchant's (public) key needs to be signed by Am Ex, so that a merchant can't send you a dummy public key for which it has the private key and decrypt your number. I can't find other weaknesses for now...
  • AMEX was supposed to release details on this at 0900 PDT today. Is there a link yet?
  • I had the idea, awhile back, while looking into ecommerce solutions, of having a system where the vendor never even sees the credit card information. It would work something like this (maybe the technical details would need to be tweaked, but this is the general idea): I go to your site, fill a shopping cart/order like normal, fill out a shipping information form, then get redirected to the credit card companies' site, where I fill out payment information, which would do the work of figuring out if I could be authorized, and then send me back to the vendors site with an authorization.

    Viola! Vendors never see my card info, but get assurance of receiving payment.

    You could, potentially, take it another step. Once I had gone to the credit card companies' verification site once, the card company could, maybe, store a cookie in my browser (which cookie would not contain any of my credit card info, but just an index to my database record from my last visit). In the future, when I was redirected to the card companies site for verification, they could check that cookie, ask for some sort of pass-phrase (obviously cookies aren't the most secure thing in the world), and ask me if I want to use the card info I've already submitted last time, or use another card.

  • by Snocone ( 158524 ) on Thursday September 07, 2000 @09:23AM (#797497) Homepage
    The income tax people will FREAK on this.

    This is why offshore accounts are illegal!

  • there is nothing in the article that indicates this is about privacy. the article talks about privacy, but the only thing the article mentions about this program is that if a merchant were to leak your credit card number, it would not be usable.

    do you have other information that you can share with us?

    Did you mean that in a snide way? I could ask you the same question. I don't think there is any other information. I think it's pretty clear that this is not a privacy enhancing program. I'm not an expert on this, but IIRC the contractual relationships between the credit card companies and the merchants and the credit rating agencies require that all of them get access to your identity.

  • They exist.

    I got ads for 'em with my credit card statement around Xmas last year. They were intended as gifts.
  • by Captain Pillbug ( 12523 ) on Thursday September 07, 2000 @02:56PM (#797500)
    A disposable credit card is an interesting idea, but unless it's possible to refill the card (thereby defeating part of the reason for having one), it means we'll have the same problem we have with disposable phone cards: they get thrown away with money still on them. After normal use, there's always a small balance that can't be spent through normal use, and the credit company will stand to rake it in as pure profit.
  • Only one company would have my information. Another company might have yours. It doesn't matter, but I could narrow it down to the point where I could have a single company to blame for information leaks. There could certainly be more than one company.

    As far as monopolies go, they are a result of capitalism. But the companies you mention have hardly been guilty of terrible things. Sure, bad music and bad movies may come out of the closed town of hollywood, but its been our choice to watch that crap. Microsoft has consistently provided people and companies with what they wanted, relatively cheap and easy to use computers. Apple isn't cheap, and Unix isn't easy. They crapped the middle ground which is filled with mediocre people. Now people want to have the benefits of a standardized desktop only possible with a monopoly, and they want to set the prices on it also. It is completely wrong to use force against a company when alternatives exist, and to justify it with some crap about a free market.

    The free market forces that free software is putting on Microsoft will eventually chip away at Microsoft, relegating them to life as an application company. The writing is on the wall for MS already.

    An interesting thing to not is how much /. readers hate monopolies, but they get into religious wars about which OS (editor, shell, gui, etc) to use. For example, I think many people would like to see everyone work on just Linux, and not BSD. This also would stifle creativity, and alternatives and force the user down certain paths. Then again, I think most /. readers contribute absolutely nothing other than flames to free software as a whole.

    I've digressed, and I don't mean to have a tone that I'm attacking you. I'm just espousing my views that somewhat relate to what you were saying.

  • Why not just jump to smart-cards, like civilized world?
  • I found this article [] where it talked about a service called []

    I think many of you will be interested.

  • It's not going to be anonymous to the business, either. it's your same credit card. It's like getting a new copy with a different number... "no different" means "not anonymous" because your credit card is not anonymous. Not to mention, they aren't giving you an anonymous mail-drop anyway...

    the only way that it provides anything like anonymity would be for a merchant who keeps the customer file keyed by credit card number and would thus fail to match up your different orders. But, (1) merchants don't do this, and (2) if they did, they would change. It's not anonymous.

  • ...and I'm talking about cryptological permanant credit card numbers that cannot get compromised
  • Did a credit card company come up with this? This is actually a great idea-- I'm really impressed. While it isn't digital cash, it still seems like a good idea. If nothing else, it will make people more confident with giving the number out, rather than feeling like a year from now some guy will trash them and then start carding TV's from Best Buy.

    Pretty cool. I wonder what kind of tracking database they'll use to match people with their purchases. If there were a privacy guarantee, it would be even better, but I guess that that is wishful thinking.

  • how long before a cryptologist breaks the algorith to determine whether the number is a valid entry? at that point, we'll have tons of fake cards and stuff getting billed to the wrong person.

    it will end up being just like those $5 calling card scams that you see in NYC all the time.
  • by KevinMS ( 209602 ) on Thursday September 07, 2000 @09:53AM (#797518)

    Assuming that using a disposible cc number is anonymous, (why wouldnt it be, it would be like a phone card), by using this and [] an "e-consumer" would have much more control over his/her purchasing identity and power over junk in their mailboxes (both snail and e) and more importantly, would significantly impact the very valuable side effect of current purchases - customer data. By drying up that source of data we might effect businesses hunger for it, turning their desire elsewhere (maybe towards quality), and be closer to turning an ebusinesses view of the internet as a black box that their goods go in and money comes out. Of course the danger is that cc companies see the value and start selling customer data back to the ebusinesses.
  • Time-related as well. They can recycle them over a period of time. Numbers would be valid for say, 24 hours or some such thing, and then recycled (but not active until reassigned.)

    You go to the amex secure site, identify yourself, and they give you a one-time-use number for the transaction. YOu use it.. done deal.

    A week later, they can use the same number again.
  • is this the vendor reader or the personal reader?

    the original smart vendor reader had the problems.

    i'll try to find documentation of it online
  • You know, some people use credit cards to purchase items they can't afford at the time (ie. can't put their hands on THEN). When I buy a new stereo, I'll plunk down plastic and charge $1500, then pay it off a few 100 a month for a while.

    Credit cards started off as a way to buy now, pay later. These days, we are all using debit cards, which look and feel a lot like credit cards, but are very similar to prepaid calling cards. The difference is that the "payment" you make is depositing your paycheck into your bank account and, just because you have used all of your minutes, er money, the number is only temporarily deactivated, not cancelled.

  • One hundred thousand numbers is a small number to brute force over the span of an hour while the number is valid.


  • Second, how will AMEX ensure that you will pay your bill?

    If I understand this correctly, the disposable number will be linked to your normal, non-disposable AMEX card. AMEX will still have all your details, and any bills you run up will acrue to your regular account, but the number will cease to be valid after one use, so that an unscrupulous merchant can't run up extra charges on it after you've paid for what you meant to pay for. They will probably have to have some sort of mechanism where merchants with legitimate complaints can add an extra charge after the fact (like if you use it to pay for a hotel bill, but then they found you stole all the towels).

    Think of it as just a symlink to your regular card, one that you (or AMEX) destroy as soon as it's fullfilled its purpose.

    I conceed your first point, though, that the process of getting the disposable number from AMEX is just as prone to interception and theft as any credit card purchase, but I think the real problem with credit card fraud so-far has been unscrupulous merchants adding extra charges (like double billing) and/or idiot merchants leaving your credit card number on their system where it is stolen by crackers and script kiddies. This concept addresses both of those problems.

  • If we were using the truly anonymous cash card (phonecard machine type), then couldn't the government just tax the purchase of the card itself, and stop worrying about it?
    But then, how not to re-tax the sale itself, differentiating between a cash card and a credit/debit card...

    And then, that would require the identification of the location where you purchased the cashcard, which would be worse in terms of anonymity than current credit cards. And odds are the government would be perfectly happy to tax twice, and..

    Oh, nevermind.
    "The not a suicide pact."
  • too bad they released the card without a reader that didn't blow up when they tried to use the card.

    (this is a true story, the reader would short out if you actually tried to use it the way it was meant to be used)
  • by rxmd ( 205533 ) on Thursday September 07, 2000 @09:57AM (#797540) Homepage

    This may sound like a good idea, but it has its drawbacks.

    The first drawback is granularity.

    • If the value of every single card is large (few hundred dollars), it would be a mugger's paradise because people don't usually carry around much in cash, but a potentually valuable payment card would be a good target.
    • If the value of every single card is small, no one will use it for larger transactions. You can buy your roll of bread quite comfortable using real money, and if you have to enter a dozen numbers when you buy your new $99 sound card online, the system is not going to be very popular. We've had this in Germany because it was considered to use prepaid phonecards for transactions. The idea was dropped, however.

    The second drawback is non-rechargability. If recharging devices were available, people would start stealing those and recharging their cards at will. To make this impossible, one has to provide each card with a sort of "shadow bank account" and have the recharger communicate with some central authority. Then, you could desable known stolen rechargers.

    The third and worst drawbacks is that if it's an electronic device, you can fake it. I spent some time in 1996 assembling a microcontroller-based board that could pretend it was a German phonecard. No one would introduce a payment card that could be faked this way. In order to stop this, one has to introduce either advanced secret card signing algorithms, which are sure to either leak out or be faked sooner or later, or use shadow accounting like with the German GeldKarte ("money card"). Again, anonymity and non-traceability can no longer be guaranteed, and the advantage will be gone.

    A very good introduction how the German GeldKarte payment card system works can be found here []. I'm sorry that it's all in German, but the system is specific to Germany, so most people wouldn't bother to translate it. You can try the fish [], though. An English introduction can be found at Manni's page []

  • by Luminous ( 192747 ) on Thursday September 07, 2000 @09:58AM (#797541) Journal
    Fundamentally, I don't care if a transaction is traced to me. Yes, hello, I buy things that get shipped in plain brown packages. I do like the idea of not having to use my debit card (I too refuse the concept of credit as I've seen that version of Hell and have no desire to go back).

    Currently I use a similar variation where I have an account at one bank with a debit card and I only keep a small amount of money in there for online buying. This could be made easier if I could just transfer money to a temporary number while I am shopping, use that number and never have to worry about who has sniffed that number. It would also make tracking my online purchases easier as I would get one statement listing all my debits from my account to temp numbers and a list of the amount of money stored on the temp numbers.

  • But beer should be free. hehe. Touche~, good point. I generally want cash for the little things though...and never take out more than 100 bucks at a time. If I want a bigger badder item, I whip out Mr. Plastic.

  • by anticypher ( 48312 ) <anticypher@gmail. c o m> on Thursday September 07, 2000 @10:01AM (#797561) Homepage
    VISA and AmEx have been kicking around ideas to do something equivalent to one time password cryptocards. This is a simple version of the same idea, without all the fancy hardware. If it works, expect the idea to take off with all the major card issuers.

    What will probably happen later on is, you will be given an electronic card, with a special token embedded in the circuitry. When you want to use your credit card number online, instead you push a button and a small display tells you the cryptographically hashed version of the card, valuable for a single use over the next hour or so.

    The hash function combines a real time clock value, the token, and a counter for each use.

    The servers will have a copy of your token, know the time, and keep a local counter. Then the server can compare the crypto hash of your card. If they match, the transaction is authorised. Then later the billing department matches up your hashed number with the real number, and you see the charge show up on your bill.

    There are a ton of other little details which the crypto card industry has worked out, but the system mostly works. Too bad this neat methodology will be patented to death, so only the big boys can play with it.

    the AC
  • by jd ( 1658 )
    Mondex' cash smart-cards are a better way to go. Then the card itself could transfer the money, using strong encryption.

    Personally, the "ideal" would be a smart-card on which you could lodge a mixture of cash & credit, do online transfers from any suitable station, and use as a practical alternative to credit cards, debit cards, cheques and cash.

    Such systems are being tried out, in the US and UK, but only over small scales. Despite everyone I've talked to liking the cards, the card companies won't put them out for general use. Stupid idiots!

  • see here [] or here [] for extra details, including the fact that this will be for American Express consumer and small business cardholders in the United States.

    so it's a step, but not a huge one. of course, bill murray said it best in What About Bob - Baby Steps!

  • If you take 19 numbers and stuff them in your database you are in all probability going to be violating your agreement with the credit card company. You aren't allowed to store the final three digits (the CVC) at all.
  • You are assuming that the numbering scheme will stay the same. Which I think is wrong
    • I do not think that the numbering scheme will stay the same. So, along with Amex we will now have AMEX-One time or even AMEX-Electronic Traveller Cheque
    • I strongly suspect number reusal. Basically electronic money or to be more exact electronic traveler cheques.
    • I strongly suspect that the transaction in the finall version will not be anonymous. As if it is anonymous combined with number reusal the mixture will become outright explosive. It will simply be guranteed to be not reusable even if someone intercepts the numbers.
  • but considering this is a one-time thing, wouldn't it be harder to find the culprit and prosecute?
  • cryptological credit card number!

    Here's the process...

    1) Am Ex holds special private keys for all merchants (the merchant only has the public key).

    2) I encrypt my card number, as well as the amount of money using the merchant's public key and send that to the merchant.

    3) The merchant sends the message (he cannot decrypt it) to Am Ex.

    4) Am Ex, decrypts is with the merchant's public key (if somebody else had intercepted, it wouldn't be encrypted with the right key).

    5) Am Ex pays the merchant the right amount from the right credit card.

    Looks safe (to me), though IANACS (I am not a cryptography specialist)
  • by devphil ( 51341 ) on Thursday September 07, 2000 @10:08AM (#797591) Homepage

    how long before a cryptologist breaks the algorith to determine whether the number is a valid entry?

    What cryptologist?

    function isCreditCard(st) {
    // Encoding only works on cards with less than 19 digits
    if (st.length > 19)
    return (false);

    sum = 0; mul = 1; l = st.length;
    for (i = 0; i digit = st.substring(l-i-1,l-i);
    tproduct = parseInt(digit ,10)*mul;
    if (tproduct >= 10)
    sum += (tproduct % 10) + 1;
    sum += tproduct;
    if (mul == 1)

    if ((sum % 10) == 0)
    return (true);
    return (false);

    Blame the shitty formatting on /.'s lack of a <PRE> tag. It took me about three minutes to get it to look even this readable.

    I pulled that piece of JavaScript off of some web page way back when. My notes say (don't recall where I got this part from): Credit cards use the Luhn Check Digit Algorithm. The main purpose of this algorithm is to catch data entry errors, but it does double duty here as a weak security tool.

    For a card with an even number of digits, double every odd numbered digit and subtract 9 if the product is greater than 9. Add up all the even digits as well as the doubled-odd digits, and the result must be a multiple of 10 or it's not a valid card. If the card has an odd number of digits, perform the same addition doubling the even numbered digits instead.

  • by dirk ( 87083 ) <> on Thursday September 07, 2000 @10:09AM (#797593) Homepage
    >>I feel pretty safe buying online

    I felt pretty safe buying online too -- Until somebody somewhere hijacked my card number, and I suddenly had over a $1000 worth of speakers and stereo equipment show up on my bill. No, I did not have to pay for it, and even if they caught the person who did it (a pretty good bet, since the moron also used it to pay his cell phone bill), I wouldn't know for sure that it was from an online purchase becuase they don't release any information about the investigation. But it makes you feel quite vulnerable, and does a lot to make you a little more cynical about tossing your card number around (it was an AmEx, by the way). So, I'm all for this because my security concerns are based on more than artificial worries.

    Buying online is probably safer than buying in person. If you take the normal precautions (secure site that is known) you are almost guarenteed safety. Compare this with a restaurant. You eat your meal and give you card to Joe Waiter to carry away and do whatever he wants. No one steals credit cards off the internet, because it is hundreds of times easier to talk to your buddy who works at Denny's and ask him to get you some credit card receipts. People use stolen credit card numbers on the Net, they don't get them there...

  • I think this is a darn good idea, as long as the number space for the one-time numbers is large enough to avoid collisions for many years between usages. (And the resultant numbers will have to contain some kind of cryptographic signature information so that fraudsters won't be able to just make up random numbers to try and get a hit on an open one-shot account number).

    About how many digits will they have to use to make these assumptions feasible (including the cryptographic check?). Maybe if they go to letters AND numbers?

    This kind of scheme would handle a lot of my objections to giving credit card numbers to untrustworthy merchants (given that I trust AMEX not to release my personal information to anyone else :). I can only hope that other card vendors and/or banks might follow their lead.

    I'm assuming that the one-time numbers are not TRULY anonymous (otherwise AMEX wouldn't know where to send the bill, and/or it would be too convenient for money laundering).
  • Well, they don't have the time/resources to track everything in the Visa/MC/Amex/Discover/Diners/etc realm... they are pretty understaffed as it is (the percentage of audits has dropped each of the last few years). Even if they have them, they don't know they have them, or can't get to them as easily as they'd like... upon request (for audits), I'm sure they could get them (not sure if that is legal or not)... now some other Agency...
  • Personally, my Blue card has 15 digits. Presuming that they have to keep with the same general self-authorizing numbering schemes (numbers so that quick checking schemes can tell right away if the card is bogus) how long could they continue to issue unique "one time use" numbers before overlapping occurs? Couldn't someone just try entering a number at random and more than likely stumble across someone elses current temporary account number?

    Don't get me wrong, these are just questions, I think the system is a great step forward. While I don't EVER use my credit card online unless that "little lock" appears in my web browser and don't let companies store my CC info for quick "one click shopping" (shudder) this will ceratinly help bring a little more confidence to newbie online consumers.
  • by KingJawa ( 65904 ) on Thursday September 07, 2000 @09:32AM (#797604) Homepage
    (1) Turn off computer
    (2) Go to retail outlets
    (3) Pay cash
  • You forget the expiration date on the card. No transaction is complete with out that. It adds an extra 4 digits and would allow reuse of numbers

    Kinda. If the expiration date is MM/YY, MM is restricted from the values 1 - 12, not the full range of values from 00 - 99.

  • No. It is meant to challenge your assumptions.

    The best technologies are ones which don't mystify their users; which are reliable and robust, not cantanerous and prone to disasterous failure from small errors; which work themselves into the fabric of everyday, mundane life so well we don't even think of them as "technology" anymore. One should not have to engage in ritual sacrifice; to learn strange, archane words or glyphs; to prepare extensive containment mechanisms in the eventuallity that what one raises one cannot put down; to have to perform an extensive series of precise gestures to a level of exactitude which demands years of training, lest in erring one looses upon an unwitting world a reign of absolute darkness and terror; or to invoke metaphysical powers... merely to use, say, a spreadsheet. Yet for decades, that has been precisely the experience of many users of commercial software products.

    Geeks are people who delight in being wizards. For us, playing with the arcane is intrinsically enjoyable. But that a technology is arcane does not make it a good technology -- it makes it a marginal technology.

    The best technologies are like hammers, bridges, and automated teller machines. No matter how little the general public understands them, there is nothing mystical, occult or "magical" about them for even the least technical person.

    The "magicalness" of technology is an indication of its poverty of elegance, its brittleness, its limited user interface.

    A "magical" technology is anything but advanced.

  • by rw2 ( 17419 ) on Thursday September 07, 2000 @09:35AM (#797616) Homepage
    As if the IP number shortage wasn't enough, now we're going to run out of AMEX numbers too. AMEXv6 anyone?

    I just hope they didn't issue all the AMEX card numbers starting with 18 to MIT!
  • Lastly, as another poster already said, the government is sure to get twitchy about this. How will they tax anonymous purchases? Requisition monthly transacion records from AmEx?

    The same way they tax cash purchases?


  • by clifyt ( 11768 ) on Thursday September 07, 2000 @09:35AM (#797619)
    They were testing this stuff earlier this year at several tech expos. I received a card worth (I think) worth $50 for sitting there and answering a few questions. They could have just as easily emailed me the numbers and said here ya go, use it online instead of giving me a piece of plastic that was worthless after just one usage.

    Hmm...looking through my wallet I still got it...I probably still have a dollar or two on this card if anyone wants it :-)

    3790 112994 91001
    good 02/00 thru 11/01 be honest, I really wish I had more of these things. Much easier than carrying cash, and I don't have to worry thieves getting access to my Debit Card (long since gave up the credit thing...) and depleting my account and waiting the 8 months for my lousy bank to redebit the 2 grand the fuckers stole and charged up 4 days after reporting it stolen.

    grumble grumble...

  • by Snocone ( 158524 ) on Thursday September 07, 2000 @12:50PM (#797620) Homepage
    Can you elaborate on the potential abuses you forsee?

    Much of tax evasion and illegal activity detection is based on detecting patterns in otherwise unrelated financial data. Data gathered in audits and submitted by financial institutions is placed into one big soup from which patterns are detected and individuals are picked to have the microscope placed upon.

    By providing a next to anonymous conduit for an individual transaction, the possibility of detecting currency flows by means other than direct AmEx record access is reduced by orders of magnitude. This would make IRS fishing expeditions next to useless, and require subpoenas to get at financial information that now can be found/deduced through the regular audit process.

    Like I said, they gonna freak :)
  • if you hadn't bolded it, I mighta let it slip by, but this is a geek forum, so let's use geek terms accurately: if theory does not agree with reality, it's not a theory.

    True. Okay, the hypothesis is that anonymizing an individual transaction removes no accountability. In reality, we will find that since a single point of contact can be used for individually anonymous transactions, the detectability of unlawful currency flows will be decreased greatly.

    If your current credit card is not against the law, why would more credit card numbers be against the law?

    CC numbers aren't illegal. Evading reporting regulations on currency transfers is illegal. With regular credit cards possessing a single number their use to evade these requirements is not practical. With an individual identifying number per transaction with no connectivity apparent outside the AmEx databases, coupled with some fairly basic effort to not make all transactions come from the same IP or something stupid like that, it suddenly becomes VERY practical indeed to shove funds around in pretty much complete confidence that you won't show up on anybody's radar.

    (I don't think this is flamebait either ... buddy is a little bit slow, that's all ;)
  • 16 digits here. Assuming they are using 16 digits, of wich 14 are useful (probably closer to 13) they can have 1 billion people (9 digits) do one hundred thousand transaction each (5 digits)(on average). Assuming a person does one transaction every 2 days, that gets to 600 years.

    so 60 years if you have 13 useful digits.

  • by lizrd ( 69275 ) <{su.pmub} {ta} {mada}> on Thursday September 07, 2000 @10:11AM (#797630) Homepage
    Actually the key space is significantly more restricted than this. The paragraph below explains this and is quoted from []

    What Do the Numbers on My Credit Card Mean?
    Although phone, gas and department stores have their own numbering systems, ANSI Standard X4.13-1983 is the system used by most national credit card systems. Here are what some of the numbers mean:

    • The first digit in your credit card number signifies the system -- 3=travel/entertainment cards (such as American Express and Diners' Club), 4=Visa, 5=MasterCard and 6=Discover Card.
    • The structure of the card number varies by system. For example, American Express card numbers start with 37; Carte Blanche and Diners Club with 38.
    • American Express: Digits 3-4 are type and currency, digits 5-11 are the account number, digits 12-14 are the card number within the account, and digit 15 is a check digit.
    • Visa: Digits 2-6 are the bank number, digits 7-12 or 7-15 are the account number, and digit 13 or 16 is a check digit.
    • MasterCard: digits 2-3, 2-4, 2-5 or 2-6 are the bank number (depending on whether digit 2 is a 1, 2, 3 or other). The digits after the bank number up through digit 15 are the account number, and digit 16 is a check digit.

    They're - They are
    Their - Belonging to them
  • credit card numbers are already instantly available in their wallets. Overextended credit already happens all the time (and making purchases you can't afford is what keeps credit card companies in

    There is a problem with your reasoning: Amex is not a credit card, it is a debit card. You are required to pay the entire balance every month. A credit card allows you to not pay the full balance, but you pay a high interest rate (in general) if you don't.


    Put in the cash you want when you want. It works like a mastercard, at any store that takes mastercard. Simple. Easy. Effective.

  • Don't mean to nitpick, but at anytime you get your card can call up the card company and cancel it. That's why it doesn't really bother me. I'm not liable for the fraud as the consumer, the cards are.

  • The article is amazingly scarce on technical details.

    Anonymity is not the intended purpose of these cards. The purpose of these cards is to generate credit card numbers which are one-time use only so that anyone stealing them has no use for them.
  • Too bad this neat methodology will be patented to death, so only the big boys can play with it.

    Not if you publish it first- and you can make a reasonable claim that you have now- and press your claim to prior art. Just because big companies have been vigorous in playing the patent game doesn't mean that you have to give up. When you have a good idea like that, work out the details and publish them. That will allow you to produce a claim of prior art and keep the idea in the public domain.

  • No one steals credit cards off the internet

    Except those cases where these "reputable merchants" had an architecture that left their SQLServer databses exposed on the Internet and they got sucked dry. I had my CC number stolen, and it was not log after CDNow (or one of those guys) had their database scarfed off of the 'net.

  • Yes, but some cards are trying to encourage ONLINE transactions and thus even waive the deductable. My card does that currently. While I don't like paying for the $50, I'd rather pay that than what a guy can charge for my limit!

  • Eventually, someone will develop "e-checks". Essentially, it'll be like writing a check to
    cash right now. The bank gives you a check number
    (say 16 alpha-numeric = 80 bits worth), you
    tell them the dollar amount, which is debited
    from your checking account. You forward the
    bank identification (their routing number),
    the check number, and the amount to the merchant.
    He gives that info to HIS bank, which collects
    from your bank.

    All this can happen in real time. You shop online, find something you like. Open another window to your bank, and get a check number.
    Copy/paste the number into the merchants form,
    with the amount and bank rounting info. The
    banks do some back office magic, and your payment
    is in the merchant's account immediately.

    Stealing the number does no good, since it is
    only valid for one transaction. Similarly, you
    eat at a restaurant. You get bill. You pull out
    PDA and get a check number from your bank. Give
    to server. Server takes number over to their terminal. A few seconds later it comes back as
    good/paid, and everyone goes away happy.

    There's no reason you couldn't do this with a
    credit account. Instead of giving the card
    to a store clerk, you swipe it through the
    card reader in your handheld PDA. Your credit
    card issuer then gives you a single use number to
    give to the clerk. Clerk feeds it into the
    terminal, and it clears.

  • For truely anonymous purchases we need prepaid cards that you can purchase anywhere just like phonecards. If those prepaid cards would act like a credit card online then it would be perfect. You could buy these cards at the local grocery store with cash. Suddenly you have a card that acts like a credit card without anyone knowing who you are. Granted if your buying something that needs to be sent to you they get your address but for micropayments and such where you're only getting digital data back, it would be perfect.
  • by auto85842 ( 225715 ) on Thursday September 07, 2000 @09:39AM (#797652)
    We should be asking ourselves what we want the on-line transaction of the future to look like. This is certainly one way of doing it, and you can bet that Visa and Mastercard will shortly follow suit, but is it the best way?

    It certainly has advantages over typing your card number into 50 different on-line databases, but your credit card itself is still the weak link in the chain. Sooner or later the question of authentication will rear its ugly head. How do you know that it was really Joe Shopper requesting that disposable number, and not Joe Cracker?

    On another note, notice how anonymity is hyped in the article, and sometimes used in place of privacy? Do we have an unlikely ally in our quest for true web anonymity (i.e. "You don't know who I am."), as opposed to privacy (i.e. "We know who you are. Trust us; we'll try really hard not to tell anyone.")?

    Lastly, as another poster already said, the government is sure to get twitchy about this. How will they tax anonymous purchases? Requisition monthly transacion records from AmEx?
  • Eggheads blurb seems a bit nonsensical.

    They are saying that if you use the extra three digits for this transaction then they will be more sure that it really is you. On the other hand if it wasn't really you, they'll still happily accept a number without the CVC(or whatever they want to call it, I think CVV is Visa and CVC Mastercard, but they are essentially the same thing).

    So how are you more protected? Er, well you aren't. They are probably trialling the acceptability of asking for the extra info in the marketplace and don't want to put people off who are confused by the extra requirement.

    In the long term the CVC will add another layer of protection (mostly for the merchants, as they are the one's who bear the cost of most of the fraud) but only when they require it's use (and Visa/Mastercard at least will be demanding this of internet merchants, and possibly all non-signature backed transactions, in the not too distant future.)

    Basically all the CVC does is 'prevent' the use of CC generators and the easy lifting of credit card numbers from receipts for later 'anonymous' use.

    'Prevent' is probably too strong a word.

    If you generate a CC number you still have a 1/1000 chance of getting the right 3 digit CVC, though perhaps the CC companies have an ace up their sleeve to prevent a perl script being used to try all the combinations one by one on sites across the internet.

    The CVC is only three digits long and is plainly visible on the signature strip of your card. I don't think it would be too difficult for an unscrupulous sales assistant to remember it and note it down, particularly if the shop isn't that busy.

    It is better than nothing though and the dirty secret with e-commerce is that fraud costs merchants big-time and they'll take what they can get to help prevent it.
  • Where do you get the cash? Atm? Bank? Liquor Store Robbery...

  • AOL gives you 10 free hours^H^H^H^H^H^H^H^H^H^H^H^H^H 20 free^H^H^H^H^H^H^H 30^H^H 50^H^H 100^H^H^H 200^H^H^H 250^H^H^H one month of free service when you first sign up with them, based on your credit card number. Of course, I wouldn't do it even if I had a big pile of numbers, just because AOL's service isn't good enough that I'd take it for free, but I'm sure a lot of people would.


  • The income tax people have nothing to do with it.

    No, but they depend on individuals' financial activity being cross-referencible to detect infringement of their regulations. This technology makes that detection very much harder. They won't like that.

    I guarantee you that purchases you make with your "disposable" CC numbers will show up on your regular Amex bill. Not that the IRS gets copies of peoples' Amex bills to begin with.

    Exactly so! They depend on the traceability of your CC number to detect individuals contravening the norms and thus throwing up "AUDIT ME" red flags which let them get into AmEx's records. Remove that traceability, and you have what amounts to a financial radar jammer, making it that much harder to detect who's playing games with money.
  • Who needs smartcards? I've been telling people for years that the best solution to the "stolen card number" problem is a one time pad. Its a trivial change to exisiting system. You just include a 10 or so digit number in the "address 2" field of most software and have the bank look for it with their address verification system. Then you print 5 to 20 large randomish numbers on a statement and let the cardholder enter that in a special box.

    This requires no new hardware, very little new software and most of that lives on about 7 main computers for MasterCard or Visa.

    Too bad they have been blinded by SET and since they have dumped so much money in that technobable system they aren't going to trash it even though it adds no real security to the payment system. Before I get flamed for flaming it, keep in mind that with most real strong crypto, if you can guess the content, you don't need to guess they key.
  • How will this effect online banking and accounting? You would have to tie this "anonymous" account number to YOUR account...
  • by Snocone ( 158524 ) on Thursday September 07, 2000 @09:43AM (#797676) Homepage
    What is this guy talking about? Offshore accounts are legal.. if used for legal purposes.

    But anonymous and undeclared accounts are NOT legal. Also, any financial transaction over a certain threshold is illegal for a US citizen, period, unless the appropriate form is submitted to government by the financial institution. It seems to me that this technology can be very easily applied by anyone who gets a merchant account to achieve near-complete financial impenetrability for money transfers, aka "laundering".

    And its not like these credit cards are going to be regulated any different then normal credit card

    In theory no. But in reality, I believe that the technology as described allows for very easily circumvention of existing financial regulations.

  • by JazzManJim ( 196980 ) on Thursday September 07, 2000 @09:44AM (#797677)
    Here's how it would likely work:

    The numbers need not be "one time only" usage by AMEX. Basically, AMEX only needs to keep the number active long enough for the transaction to be processed, which would last perhaps one month, then the number goes back into circulation. What they would track then is an activity log for each number (for each number, who used it, when, and where) and an activity log for each user (what number they used, when, and where). Any billing questions can be referred to the log for archive purposes and the numbers stay active only for as long as they're needed, then AMEX drop them back into general circulation.

    This is not going to be an easy accounting task: issuing number, tracking their usage, deactivating, then reactivating them. I can tell you that I'm pretty good with logistics (being a police dispatcher tends to develop those skills ) and it'd be a nightmare for me to track. I'm not sure of any better way to do it, though.

    If there's going to be a security loophole, it'll come in the time a number is active, after the transaction is processed, but before the number is deactivated and put back into circulation.

  • That was my though exactly, but what if the system issued the credit card AFTER you made the payment, with the limit set to the payment amount and the expiration date set randomly?

    Then you couldn't easily brute force it, and you wouldn't get more than a couple dollars if you did. Also, in case of an abuse by a small company, you could specifically tag the payment to only one payee. Then it works out well.

  • What a neat idea! At least it seems as though it would be an electronic equivalent to a travelers' check.

    Numbers could be handled easily. These "credit cards" could be "sold" either individually or in lots. Once a number is issued, it could be reserved, certainly until used, or until some fixed amount of time has passed. Subsequently the number could be reissued, though it might be a few years before that happens.


"The pathology is to want control, not that you ever get it, because of course you never do." -- Gregory Bateson