Throwaway Card Details


#1

A nice feature to have could be throwaway cards so if you wanted to make an online transaction but wasn’t 100% sure about handing over your actual card details you could generate a new card to be authorized for a single transaction instead and ensure your account couldn’t be compromised by bad security or malicious intent.


#2

This is a good idea. I think if a website allows you to pay with apple pay or android pay then the merchant doesn’t get the details? So similar thing can be achieved if websites allow you to do that.


#3

This is definitely something that we have discussed internally as a possibility. @sarah.guha or @ben.chisell might be able to provide further information.


#4

Brilliant suggestion @GeorgeBroadley I think a lot of people would use that.


#5

Sounds a good idea, but my first question is if you are having doubts about a transaction, why would you continue to go through with it, temporary card or otherwise?


#6

You can have doubts about security and still want/need to make a transaction. When high profile companies like Adobe and TalkTalk can overlook security and get hacked it’s a legitimate concern over smaller companies.

In an ideal world you wouldn’t need this as companies wouldn’t store card details on their own servers but you don’t know for certain.


#7

I get the doubts, but then by that logic you’d need a new card for almost every transaction.

I think it’s a good idea, I’m just curious under what circumstances you’d buy something with doubts.


#8

I guess if you’re trying to be cautious. Like for me, I try and use PayPal, Stripe or Amazon Pay everywhere online so I’m not handing my card details to other companies but there are times where you have to give your actual card details as they don’t support third party payment services. In this scenario I would want to use throwaway card details.


#9

We have definitely given this some thought, I’m interested to know what you would find more value - throwaway card details that you use just once, or dedicated cards details for things like subscriptions or Netflix/Uber? Let me know what you think?


#10

are they not the same… design the cards so that they can be used for subscriptions but can be cancelled at any time (maybe after a single use :sunglasses:) :man_shrugging:t2:


#11

Well I keep getting these emails from a Nigerian Prince who’s stuck at an airport with a lot of money he’s trying to transfer out of the country…:slight_smile:


#12

Currently using a credit card is the easiest way of mitigating risks when you need to make a transaction - using the example above relating to online transactions I could definitely see the value in being able to generate a single use card number, expiry date and security code that you can request and pre-approve for the transaction amount within the app.


#13

Personally, I didn’t think of this but this is a great idea. @sarah.guha


#14

Not to purposefully pee on anyone’s bonfire. Whilst I think having a couple of ‘Virtual Cards’ is a good idea and can maybe help people manage their money better I don’t know if single use cards would be viable and I don’t think it would be a limitation of Starling.

There are only so many digits in a card number, and some other those numbers are already used for identifying the card type (Visa, Mastercard, American Express, etc), whether it’s Credit/Debit/Prepaid, etc and then the issuing bank/card processor only leaving Starling with a finite number of available combinations. If we’re going to issue a new ‘card’ for every number then we are very quickly run out of numbers.

IT geeks can relate to the exhaustion of the IPv4 address space and the extremely slow and painful move to IPv6. I for one don’t want to have a bigger card or a card with tiny writing because they’ve got to fit something like 2a09 fba0 85a3 b00b 1e59 8a2e fd70 7348 on my card with an equally annoying CVC_3_ on the back! Imagine having to give that out over the phone or something!


#15

I would have thought Starling could create ‘single use’ pool of card numbers that could easily be re-used, simply assign them to the customers account until the requested transaction/pre authorised amount has been requested and completed with the vendor (or a pre-determined number of hours has passed) then add that card number back into the single-use pool?


#16

I see your argument but then that’s not really a single-use pool because it’s being used multiple times. Also, if the card is re-used some months later, who’s responsible for it?

Say a fraudster gets the details and keeps them, sells them on and someone else abuses it. You’ve then got someone else completely innocent having to deal with the consequences of whoever last used the card number? To me that sounds like it would cause more grief than using your own card number in the first place!


#17

Apple and Android Pay already do this and then there is PayPal. If as I do you use a credit card for anything over £100 then you’re covered there too.


#18

That’s why I suggested pre-authorising the transaction amount and only having this valid against your account for a set number of hours. Once that transaction has been completed or the time limit is up the card number is de-activated. When it’s re-assigned to the next user it will only be valid for their transaction amount requested, plus the expiry date and security code will change each time etc.


#19

I don’t think the theoretical limit is that much of an issue. Considering that billing address, CVC code, expiry date and card number all have to match then you just need to ensure that the same combination of each are never used together. You card number has 8 digits that can be changed to anything between 0 through 9, the CVC has 3 digits that can be changed 0 through 9, the exp date can be any date in the future and your billing address is most likely unique to you and maybe one or two other people on Starling at max.


#20

Ah I see, yeah those scenarios would make more sense. I was assuming Card Number and CVC would have to be consistent throughout but I guess they could be different. I also see the point about telling Starling in advance about what the transaction amount would be. I withdraw my skepticism!