NEW YORK (MainStreet) — A Johannesburg financial tech company has developed an app that enables users to create a credit card number from their mobile phone, generating a virtual credit card for every online purchase. During a time when credit card fraud is rising, the app is likely to be welcomed, but will it really be fraud-proof?
Zazoo, a subsidiary of Net1, a leading electronic payment system provider, has generated an app known as VCpay. Users download the app and then upload money onto it by depositing funds into an account via a bank or credit card, or by using EasyPay cashpoints. Users then generate a credit card number, creating a VCpay Virtual Prepaid MasterCard on their phone and can use it to make purchases that do not require a physical card.
As the VCpay website says, by creating virtual credit card numbers, users never expose their true account number, thus helping to secure their identity and account from fraud. Furthermore, with no bill to pay at the end of the month, VCpay users don’t run the risk of acquiring late fees. To sign-up for the prepaid system, no bank details are required, and the company does not perform credit checks.
As well as paying for goods online, the new banking app provides a full mobile banking solution, enabling users to check their balance, view transactions and locate their nearest loading provider.
VCpay speaks of how the virtual credit card eliminates the discomfort many online consumers feel about exposing their credit card number online. Another advantage of virtual credit cards, the company claims, is that they “can only be charged up to the amount that you specify, and cannot be reused once that limit is reached.”
It’s no secret that online credit card fraud is on the rise. In August, the Nielsen Report estimated that in 2014 payment card fraud reached $14 billion globally. According to the report, card fraud had risen by 19% in 2014 and card sales had only increased by 15%.
Some 47% of credit card fraud worldwide occurs in the U.S. As The Telegraph reports, the increase in financial fraud online comes despite a “rollout of more stringent log-in processes, such as issuing customers with 'security keys,' calculators that generate new passwords each time a customer wants to access their accounts.”
If such sophisticated anti-financial fraud devices aren’t making the grade in stamping out online banking fraud, it begs the question: does a virtual credit card app really have the answer?
Steve Kenneally, vice president of the American Bankers Association, is keen to shout about the anti-fraud attributions of the virtual credit card. It’s like “putting a wall” between your transaction and your regular account, Kenneally told CreditCards.com.
“It’s just one more tool in the consumer’s toolbox if they want to help protect themselves from all the trials and tribulations that come from having your credit card compromised,” Kenneally continued.
However, the virtual credit card is not without its criticism. As My Bank Tracker notes, verifying transactions in certain situations can be problematic. For example, if you reserve a hotel room online through this virtual encryption process, you may run into trouble when, upon arrival at the hotel, you are asked to present the credit card you used.
Returning goods can also prove difficult if you’ve used a virtual credit card to pay for the item. As being refunded onto a virtual card isn’t as clear cut as when using a conventional credit card, consumers may have to accept a gift card or store credit in lieu of having the money directly refunded.
As Jeremy Mozlin, author at Century Business Solutions, experts in providing cutting-edge payment processing technologies, acknowledges, whilst in combining the same NFC technology as contactless cards with the added of advantage of being completely virtual, means virtual cards win the award for safest card, no card is completely fraud-proof.
“All throughout history, we’ve preyed off each other when necessary, and, when technology exists to steal someone’s money, some people will devote their resources to learning about it and ultimately employing it for their own use,” Mozlin warns.
Rajinder Tumber, cyber security specialist at RS Tumber Ltd, shares Mozlin concerns. Tumber said that while new technology brings new innovation, it almost always brings new risks and vulnerabilities; he believes virtual credit cards will eventually bring a new set of problems for users. Tumber spoke of how with virtual credit cards, certain spending parameters can be controlled, such as the amount and location of spending.
“However, can these spending controls be changed by a man-in-the-middle (MITM) attack?" said Tumber. "Such an attack can change these controls without the user’s knowledge. Considering cybercrime kits, such as the Zeus and SpyEye Trojans, MITM is a credible threat.”
The cybercrime expert also warned of the potential treats of mobile banking apps. He cited research carried out in 2014 by Ariel Sanchez, a researcher for security assessment company IOActive. Sanchez tested how banking apps communicated with security options, information exposed through logs and any inherent vulnerabilities. He researched 40 different iOS banking apps utilized by 60 different banks in approximately 20 counties.
The research found that all 40 banking apps could be installed and run on jail-broken devices. As Tumber explains, jail breaking prevents iOS protection, allowing restricted resources to be accessed. Not only this, but 70% of the apps offered no two-factor authentication. So if the mobile device is stolen as well as the username and password, there is no additional layer of protection against authorized access to the mobile device/bank account.
Furthermore, even when using encryption, 40% of the apps did not validate the authenticity of digital certificates received from the server, thus, according to Tumber, “rendering them vulnerable to MITM attacks using fake certificates.”
“The concept of virtual credit cards is good, and I commend those who bring new ways to counter cyber-attacks," Tumber said. "However, this new innovation requires further testing in the consumer market. Whilst these cards bring heightening security, cyber criminals constantly explore innovative ways to discover new attack vectors, and mobile apps have already been found to be vulnerable to attacks.”
Though for some who have been the victim of financial fraud online, the prospect of using a virtual credit card appeals. 39-year-old Rebecca Jivani from London has fallen victim to credit card fraud, twice. The first time £750 was racked up on her credit card in online stores and the second a company she had used on the Internet used her card to take another £150 the following month. “I am definitely willing to try a virtual credit card if it can put a stop to hackers compromising your details resulting in a nasty shock when you check your statement,” Jivani told TheStreet.
It seems the virtual credit card may be a plausible option in helping to stamp out burgeoning credit card and financial fraud online. The only problem is that as the developers become more sophisticated so too do the criminals.