Disposable credit cards are the latest answer to the problem of Internet fraud, according to Irish software firm Orbiscom, which announced an innovative system for online payments.
Dubbed Controlled Card, Dublin-based Orbiscom claims the system removes the necessity of sending real credit card numbers over the Internet. According to Orbiscom, this will dramatically raise security standards for individual payments.
The system will only be available via banks with online facilities. Irish banking consortium AIB Group is the only bank, so far, to back the process. A user will log onto their bank's Web site via a 128-bit SSL (browser-based) secure connection and request a number for a particular transaction. This number is then used as an ordinary credit card number, but only the once. The consumer can also set a maximum limit for each transaction.
Orbiscom isn't the first Internet security company to tout its technology as a "breakthrough" in the battle against Internet fraud. However, computer security experts have heralded this as a considerable step forward.
According to Richard Stagg, senior security architect with UK firm Information Risk Management, it is a definite improvement from conventional online credit card transactions. "This sounds like a great idea," he says. "If someone gets hold of numbers from a site, then they are useless. It's also a useful tool for tracking. Anything that is one-time is inherently more secure than something that is reused."
Encryption expert Brian Gladman is similarly impressed. "It is a very good way of protecting against sites with databases full of credit card numbers. I think it's perfectly sensible, if it's implemented properly."
There are still question marks hanging over the technology, however. Stagg points out that it may complicate matters for the many Web sites that hold credit card numbers permanently. He also notes that the security of the process hinges on that between a bank and its customer.
Orbiscom's system is due to launch in July.