The O-Card worked as follows:
- You get to a checkout on an on line site looking for credit card details.
- Fire up the O-Card application and log in.
- Select the credit limit for the one time Credit Card.
- It gives you a Credit Card number with the same user name and billing address as your real card that has the following differences:
- It can only be used once. As soon as the vendor clears the transaction it can no longer be used for anything.
- It has a low credit limit - provided you chose to do this of course.
- The Card number and CVV2 number are different
- The issue date is the current month and the expiry date is next month.
- I give these details to the online vendor and my order clears.
- If they are evil and chose to try and reuse the number or are unlucky and get hacked by some Zero day sploit or are stupid\inept and just let my details get stolen later I don't care. In all cases the card number is useless.
- All I have to worry about is whether I get my stuff and my real credit card remains safe.
In their defence the O-Card application model probably had some serious security problems but frankly since there hadn't been a single update to the client app since 2002 (and maybe even 2001) I think that no one was really making any effort to make the client any better. Suggesting that we all just trust "Verified by Visa" is certainly a lot easier for them though and I suspect that their risk assessment process just told them to dump the service since it wasn't very popular. Its low popularity had a lot to do with the fact that their marketing of it was abysmal but what do I know about marketing eh?
There is a very costly alternative available in the form of 3V Vouchers but their charges and terms of use make money lending look like a socially responsible business. OK that's unfair but I find the Euro 5 - 7.50 per transaction fixed fee detailed in their terms and conditions to be outrageous given that these are really targeted at folks who can't afford a real credit card and these are a totally risk free pre-paid voucher as far as the issuing card company is concerned. Compared to the zero cost per transaction of the O-Card it really doesn't seem right to me but I suppose they have to make a shilling after all. Frankly I suspect that the demise of the O-Card and the rise of these vouchers is related but I might just be getting too paranoid.
All is not lost however because it seems that Paypal are launching something similar. This blog post from Techimo points to this Paypal info page that describes a new Paypal service\utility that is not hugely dissimilar to the O-Card. I'm quite keen to see this come out of restricted beta and check how well they have implemented this. It's the first positive sign that I've seen that one of the large operators in the online payments game is making a serious effort to give end users a more concrete way of managing the risk they are prepared to handle when paying for things online. For me I'm just looking forward to being able to shop with confidence at www.wearaetotallydodgy.com again. Happy days.
1 comment:
from what I have read about O-card I can make a conclussion that this card is rather conviniet, but to my mind it would be safer if you did not have to enter your actual card number.
Post a Comment