Consumers are increasingly concerned about payment card fraud, but it remains to be seen how much work they’re willing to do to protect themselves when they’re not directly liable for monetary losses from stolen cards.
Token Payments Inc. is going to test consumers’ interest in helping to block card fraud by launching a mobile app that generates a pseudo identity with an alias card number that consumers can use instead of their real card for online or telephone purchases.
For each purchase with a new merchant, consumers may turn to the Token app to generate a fresh, virtual Mastercard account number with a different, random name and number representing their actual payment card, Token announced on Thursday.
The goal of the service is to give consumers peace of mind when making e-commerce purchases by substituting card details, and since Token began testing it in August, the response has been positive, said Zohar Steinberg, founder and CEO of the New York-based company.
The fact that the actual shopper’s name doesn’t match the one on the virtual card is irrelevant for card-not-present transactions, and it gives consumers who have tested the service a deeper feeling of security, Steinberg said.
“Consumers may not have actual liability for card fraud, but what they lose when someone hijacks their card is the painful currency of time, when they have to contact their bank and get a new card, and update the payment card details stored with sites all over the place,” Steinberg said.
Analysts say consumers typically aren't interested in going through the trouble.
"Unfortunately, consumers are well aware of their limited liability for fraud, so while they give lip service to being concerned about fraud, convenience usually trumps security," said Julie Conroy, research director at Aite Group. "Fraud protection is table stakes for consumers in their interactions with banks and merchants, but not something most are willing to pay for, nor are they willing to adopt new behavior patterns."
Token's security goes beyond interception by criminals during the transaction, Steinberg said.
Once a Token user pays at a specific merchant with an alias card, that card stays on file and can be used only at that merchant, so in the event of a data breach, a Token virtual card can’t be used at another merchant, he said.
Token’s service is free to consumers. The company earns revenue through interchange passed through via Mastercard and Marqeta, with no extra charge to merchants.
Early next year Token plans to begin a pilot with merchants who may offer Token as a button on e-commerce checkout pages, which would add a level of security to those transactions, Steinberg said. Token plans to offer participating merchants a no-chargeback guarantee.
Token’s initial onboarding process takes less than two minutes, when the company compares identity data the consumer supplies plus device identification and rapid testing, Steinberg said.
“With breaches becoming a daily occurrence, we believe that consumers should have the ability to control their privacy, including their payment instruments,” said Dave Matter, chief product officer at Marqeta, which acts as the issuing processor for Token.