[Feature Request] One Time or "Virtual" credit card numbers

john2691
john2691
Community Member

With Apple recently announcing a "Login with Apple" option, with an obscured, site-specific email address feature, I started thinking about the use of virtual credit cards when shopping online. Has anyone at 1password discussed the use of Virtual Credit Card numbers, ala MaskMe or Blur? Obscured email addresses would also be a great addition, but obviously have a less significant impact if leaked or stolen. I would gladly pay extra for this feature in 1password.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • gazu
    gazu
    Community Member

    @john2691

    If you use Apple Pay or Android Pay they both create virtual card numbers which solve this problem.

    AgileBits don't have anywhere near the resources that Apple and Google and creating such a feature would require cooperation with the banking industry across the world. Then other password managers would want in and that's not something the banks want the hassle of.

    There's not much point in 1Password reinventing the wheel here when two very good and widely adopted solutions already exist. The same holds true for throwaway email addresses.

    The new Apple login feature will only be mandatory where a developer already has third-party integration as part of their login process.

    Every extra feature that gets added to 1Password is a security vulnerability however well implemented. Keeping a password manager simple (and the code-base small) is unspeakable important for this very reason.

  • john2691
    john2691
    Community Member

    @gazu

    I do use Apple Pay whenever possible, though the majority of sites don't support it. As far as resources, Abine is able to do it, and doesn't seem that much larger or more "persuasive" with banks than AgileBits. Of course, I can't see the funding or company structures, so this is just speculation. I'm sure this is no trivial task in any case, but I just thought it would be a worthwhile feature.

  • gazu
    gazu
    Community Member

    @john2691

    Albine aren't "able to do it" - they do something quite devious and dangerous. ;)

    Dig into their Privacy Policy and you'll see:

    You're buying the right to access Abine's credit line in the amount you specify for the Masked Cards you create. As such, you'll see “Abine, Inc.” listed on your Personal Credit Card statement as the merchant, even though you'll spend the Masked Cards at other retailers.

    That's a huge problem for the majority of consumers because you're forfeiting your legal protections! Most jurisdictions give consumers extensive powers of redress through their credit card company if the retailer goes bankrupt, doesn't fulfil their contract or provides goods not fit for purpose.

    By using a Masked Card your contract is legally through Albine and not the retailer. Because the contract is fulfilled once Albine provide you a Masked Card number the credit card companies won't intervene if the retailer doesn't provide their goods.

    So, you say, you'll approach Albine - but they expressly disclaim this:

    You understand and agree that Abine is not responsible for the goods or services that you pay for using a Masked Card. Each seller that you purchase from is responsible for providing the goods and services that you purchase and for providing all customer service related to those goods and services. We recommend that you review a seller's policies before completing your purchase. You are responsible for resolving any disputes that you may have with a seller.

    In the interests of good customer service you'd hope Albine would refund you in a dispute but that's all it is, a hope. They're not legally obliged to.

    And if you want to take them to court:

    We're from Massachusetts, so that's where we'll go to court if we ever get on each other's nerves. You and Abine agree that all matters arising from or relating to the use and operation of our site or services will be governed by the substantive laws of Massachusetts. You agree that all claims you may have arising from or relating to the operation, use, or other exploitation of the DeleteMe service will be heard and resolved in the federal and state courts located in Massachusetts. You consent to the personal jurisdiction of such courts over you, stipulate to the fairness and convenience of proceeding in such courts, and covenant not to assert any object to proceeding in such courts.

    There you have it - they don't really provide you a "Masked Card", they use their details to provide you a line of credit before deducting the sum from your bank account. Sure, they don't provide you details to merchants but by not doing so you've relinquished most of your legal rights. :|

    When you purchase in store or online with Apple Pay or Google Pay they provide a true 'masked card' number and, most importantly, the name of the retailer shows up on your credit card statement. You get full legal protection from your bank / credit card company if things go awry - this is only possible because of the deals they've done with financial institutions worldwide.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @gazu: That's a very helpful summary. Thank you. :)

    I'll just preface by saying that (I think) none of us are legal professionals (at least I am certainly not), so it may be a good idea to consult one (and a financial adviser) rather than depending on a discussion like this to make what could prove to be important life decisions. privacy.com is pretty similar I think. These can be valuable services, but it's critical that we understand what we're signing up for -- and that's really the hardest part.

    Having a big name like Apple or Google spearhead this stuff is beneficial, and I'm sure they'll both continue to push things forward. Certainly Apple Pay and Android Pay are not accepted everywhere, but I've seen accelerated adoption all over as time goes on, not for one in particular, but as standard NFC payment rolls out terminals as vendors replace or upgrade their terminals (inevitable, really) it helps both ways. Some people still swear by cash (though not in Sweden), but even without contactless payment available I will go for the plastic because of the protections I get with that as a consumer. Looking forward to ditching even that someday though. Cheers! :)

This discussion has been closed.