In a bid to reassure skittish consumers, American Express announced a new product Thursday that will use 'disposable', one-time credit card numbers for on-line shopping. Once the number has been used, it is cancelled, meaning that the compromise of a Web-site's customer database would not yield a working CC number from those using the scheme, though it might yield other personal information.
The service, called Private Payments, will be available to cardholders in the United States starting in October, the company says.
"While the Internet has dramatically eased the way consumers research and purchase products, it also has increased concern for protecting privacy and security," AmEx Consumer and Small Business Services Group President Alfred Kelly said.
The scheme will add a second step to making on-line purchases. Users will have to log on to American Express and select the card they want to bill for their purchase.
A second credit card number and expiration date will be generated, which cardholders then give to the on-line merchant. The purchase will be charged to the cardholder's American Express account and will appear normally on the monthly billing statement, though the merchant will never know the true account number. Thus, unauthorised multiple billing will be impossible.
The positive impact of this service will be limited to a rather vague sense of improved security among the public, unless consumers use it regularly, and Visa and MasterCard get into the act as well. But the basic idea is clever, simple and sensible, and we wonder why no card provider bothered to offer it sooner.
To further reassure consumers, AmEx plans to launch another product which will enable users to choose how much personal information they reveal while surfing the Web. The service is being developed in cooperation with on-line privacy outfit Privada, in which American Express has made a minority investment.
Canadian outfit ZeroKnowledge already has such a product, called Freedom, available here. ®