So iTunes got hacked and some users saw unauthorized purchases up to $600 in their accounts.
I’m shocked. Not at the fact that iTunes got hacked, but that users exposed their credit accounts to such extent. Websites do get hacked, it’s a fact of life. Users need to change their passwords, consider what other sites may get compromised, and generally think of getting more secure password management schemes – but it’s all too late. Why not protect your credit card in the first place?
You don’t ever have to submit your credit card number online.
No, I’m not saying give up the convenience of online purchases – just don’t use your real credit card number. I haven’t, for at least a decade. Instead I’ve always used Citbank’s Virtual Credit Card Numbers. It allows me to generate an ad-hoc credit card number for a specific vendor, either for one-time use or for a period of time with a dollar limit.
There are many other use cases, not just theft / hacking: think of all those subscriptions you just can’t cancel… they keep on billing, and you can’t just shut down the offending vendor, your only choice is canceling the credit card itself. A major pain. With a virtual number you go online and remove the particular vendor’s instance.
I’ve been living in the secure world of virtual credit cards for a long time, and simply took it for granted it’s the norm by now – I’m really shocked to see now how few providers offer it. All I could find (at least in the US) was Citi, Bank of America, Discover, and there was a half-cooked attempt by PayPal, first called virtual debit card, then secure card, but I believe it is now discontinued.
Shame on the Financial Services industry, throw-away credit cards should be the online standard in 2010. I’m not advocating any particular service (Citi’s implementation – the software side – is outright shabby, but the safety is worth it) but it might be worth signing up for one of these services just for the sake of safe online purchases.