Virtual Numbers Add Security to Credit Card Shopping

Some mobile wallets offer this feature, which randomly generates virtual digits that are linked to your credit card.

woman using mobile wallet at a checkout

Protecting your credit card information from fraudsters is a job with many layers. It’s a good idea to check your credit report and bank statements frequently, and you can prevent someone from applying for credit in your name by freezing your credit records.

For extra protection, you may want to start disguising your actual credit card number with a virtual number—especially if you plan to do most of your shopping online this holiday season. Most Capital One and select Citi cards, as well as mobile wallets from Apple, Google and Samsung, offer this feature, which randomly generates virtual numbers that are linked to your credit card.

Capital One cardholders can protect online transactions by downloading and installing the browser extension Eno. When you are on a merchant’s checkout page, the extension pops up, you sign into your Capital One account, and Eno generates a merchant-specific virtual credit card number. (The numbers expire in five years.)

Subscribe to Kiplinger’s Personal Finance

Be a smarter, better informed investor.

Save up to 74%

Sign up for Kiplinger’s Free E-Newsletters

Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.

Profit and prosper with the best of expert advice - straight to your e-mail.

Sign up

Citi members must log in to their credit card account and opt in to use a virtual credit card number. An update rolling out by the end of this year will let users generate one virtual number for multiple merchants.

Mobile-wallet users have the advantage of being able to create virtual credit card numbers to use in-store as well as online. For example, Apple Pay stores a “token,” or a device-specific account number, that acts as a stand-in for your actual credit card number once you add the card to the mobile wallet. This token is encrypted and stored on the device. At checkout, Apple Pay will send the token information and a transaction-specific security code to the merchant, who relays it to the payment network, where it’s verified against the stored information. Google Pay and Samsung Pay work more or less the same way.

Keep in mind that because the merchant doesn’t have your actual card number, it’s important to keep a record of your receipt in case you need to make a return.

Rivan V. Stinson
Ex-staff writer, Kiplinger's Personal Finance

Rivan joined Kiplinger on Leap Day 2016 as a reporter for Kiplinger's Personal Finance magazine. A Michigan native, she graduated from the University of Michigan in 2014 and from there freelanced as a local copy editor and proofreader, and served as a research assistant to a local Detroit journalist. Her work has been featured in the Ann Arbor Observer and Sage Business Researcher. She is currently assistant editor, personal finance at The Washington Post.