Hubbry Logo
Controlled payment numberControlled payment numberMain
Open search
Controlled payment number
Community hub
Controlled payment number
logo
7 pages, 0 posts
0 subscribers
Be the first to start a discussion here.
Be the first to start a discussion here.
Controlled payment number
Controlled payment number
Controlled payment number
View on Wikipedia
from Wikipedia

A controlled payment number, disposable credit card or virtual credit card is an alias for a credit card number, with a limited number of transactions, and an expiration date between two and twelve months from the issue date. This "alias" number is indistinguishable from an ordinary credit card number, and the user's actual credit card number is never revealed to the merchant.

The technology was introduced primarily as an anti-fraud measure, so that a virtual unique credit card number may be generated to settle a specific transaction, on an exact date by an authorized individual. The possibility of a fraud occurring is significantly less than a traditional physical card, which can be lost, stolen or indeed cloned.

The number is generated through the use of either a Web application or a specialized client program, interacting with the card issuer's computer, and is linked to the actual credit card number. While it could usually be set up to allow multiple transactions, it could only be used with a single merchant. Consequently, if it is compromised a fraudulent user can usually not steal money, and the limit reduces how much a fraudulent person can steal.

The term "controlled payment number" is a trademark of Orbiscom.[1] The technology is also called by generic names "substitute credit card number", "one-time use credit card", "disposable credit card" and "virtual credit card number", or "virtual card number" (VCN).

Technologies

[edit]

Mastercard

[edit]

In January 2009, MasterCard acquired the controlled payment number system developed by Orbiscom, a Dublin-based payment processing company.[2] In the United States, the system is used by the following credit card issuers: Bank of America "ShopSafe" (inherited when it acquired MBNA) (and now discontinued-see below)[3] and Citibank "Virtual Account Numbers".[4] Examples from other countries are MBnet, which can create a payment number linked to virtually any credit or debit card emitted in Portugal.

Orbiscom's patented payment technologies have been integrated with MasterCard's global processing platform, "inControl".[5]

In 2013 Royal Bank of Scotland MasterCard customers became eligible for MasterCard's "enhanced Central Travel Service" (eCTS), which uses VCN technology. This service is intended to provide companies currently paying for travel through multiple accounts with a centralised travel payments system.[6]

In 2015 Etisalat Egypt, National bank of Egypt NBE and MasterCard launched Virtual Card Numbers via Flous service. The service works on any mobile phone. Every time a VCN is requested, a new one will be generated, and the user notified by SMS.

Discontinued programs

[edit]

On February 7, 2014, the US Discover Card discontinued its Secure Online Account Numbers service, saying that Discover no longer had access to the underlying technology. All existing Secure Online Account Numbers expired on March 16, 2014.[7]

In the UK, Ivobank offered a similar "virtual card" until it went bankrupt in 2009, and Cahoot withdrew their Webcard in October 2009.

American Express's "Private Payments" was available from late 2000 to 2004.

PayPal discontinued their virtual credit card service on September 22, 2010.[8]

UK-based Neteller offered Net+, a "virtual debit card" with card details generated uniquely for each transaction, from 2008 to 2012; it was discontinued on 29 February 2012, citing lack of use by customers.

Bank of America discontinued ShopSafe on September 5, 2019.

Virtual credit card

[edit]

A virtual credit card (VCC) is a virtual credit card number (VCN) typically used for online purchases, and often for single-use transactions. Virtual credit card numbers are not associated with a physical card, and consequently cannot be used for in-person transactions. Unlike the numbers generated by online credit card number generators, funds must be deposited into an account associated with the VCN prior to usage.

VCNs can be acquired from online VCN providers, banks, and some partners of Visa and MasterCard. Online VCN providers often assess service charges to pay banks, credit card companies, and/or credit networks for the costs of obtaining and servicing VCNs.

A virtual credit card includes three parts: [9]

  • Credit card number

Like standard Visa and MasterCard credit cards, the credit card number consists of sixteen digits.

  • CSC/CVC/CVV/CVV2

A card security code (CSC) (also termed card verification code (CVC) and card verification value (CVV/CVV2)) is also associated with the virtual credit card; as in standard credit cards, a CVV is used in virtual credit cards to establish card ownership by the buyer and to authorize transactions.

  • Date of expiration

Virtual credit cards often expire much sooner than physically issued credit cards, e.g., 60 days. As security is a primary reason for VCC usage, rapid turnover of VCNs prevents funds from being compromised for long periods of time.

References

[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

Controlled payment number

View on Grokipedia
from Grokipedia
A controlled payment number, also known as a virtual card number or disposable card, is a temporary digital alias for an underlying account (such as , debit, or prepaid), typically consisting of a unique 16-digit number, , and security code, designed to limit exposure of the primary card details during or card-not-present transactions. Issued by financial institutions, it functions as a proxy that routes payments to the linked account while enforcing predefined controls such as spending limits, single-use restrictions, or merchant-specific validity to mitigate fraud risks. Originating from innovations in secure payment technology, the concept of controlled payment numbers was pioneered by companies like Orbiscom in the early 2000s, with the term itself serving as a trademark for their virtual card solutions before broader adoption under generic labels like virtual account numbers; the technology was further advanced when Mastercard acquired Orbiscom in 2009. These numbers operate through standard card networks such as Visa, Mastercard, or American Express, where the virtual details are processed like a traditional charge but expire automatically after use or a set period, ensuring that even if compromised, they cannot lead to unauthorized recurring charges. Unlike physical cards, they exist solely in digital form, often generated via banking apps or issuer portals, and are particularly useful for e-commerce, business-to-business payments, and high-risk purchases. The primary advantages of controlled payment numbers include enhanced security by masking the real card information, thereby reducing and impacts, as well as granular spend management that allows users—especially businesses—to set parameters like maximum amounts or approvals. Adoption has grown significantly in both consumer and commercial contexts, with major issuers like and integrating them into their services to promote safer digital transactions, though availability may vary by region and account type.

Overview

Definition

A controlled payment number (CPN) is an alias or proxy for a real credit card's primary account number (PAN), consisting of a 16-digit number, a card verification value (CVV), and an , specifically designed to mask the underlying PAN from merchants during . This structure allows the CPN to function seamlessly in standard payment ecosystems while protecting the actual account details from exposure in potentially insecure environments, such as online transactions. The term "controlled payment number" originated as a held by Orbiscom, referring to its ed technology for generating these proxy numbers with embedded user-defined restrictions, including limits on transaction counts (such as single-use or multi-use up to a predetermined number) and spending caps (such as a fixed monetary amount). These controls are enforced at the point of to prevent unauthorized or excessive usage, ensuring that each CPN operates within predefined parameters set by the account holder. In distinction from traditional physical credit cards, a controlled payment number is generated digitally and exists solely in electronic form, tailored for targeted applications like , without any associated physical medium. Its validity period is set for a predetermined duration, after which it expires to further limit potential exposure. The numbering format of a controlled payment number adheres to the ISO/IEC 7812 standard, which defines the structure for issuer identification and primary account numbering in payment cards, including the initial digits for the issuer identification number (IIN) followed by the account-specific digits and a . Transactions initiated with a CPN are routed back to the issuing through tokenization or systems, where the proxy is resolved to the true PAN for and settlement.

Purpose and Benefits

Controlled payment numbers primarily serve to bolster online payment security by substituting an alias for the genuine number, thereby curtailing the exposure of sensitive account details during transactions and mitigating risks associated with data breaches and card-not-present . This approach confines potential fraudulent activity to the temporary alias, safeguarding the primary card from compromise even if merchant systems are breached. As an anti-fraud mechanism, they enable users to conduct purchases without revealing full card information, particularly in high-risk digital environments. Key benefits encompass granular transaction controls, such as merchant locking to restrict usage to specific vendors, predefined spending limits to enforce budgets, and configurable expiration dates ranging from immediate single-use to several months, all of which thwart unauthorized exploitation. These features empower users with enhanced oversight, allowing real-time suspension or cancellation of the alias if suspicious activity arises, thus providing greater peace of mind for vulnerable scenarios like acquisitions, subscription enrollments, or isolated online expenditures where full card disclosure feels precarious. For budgeting, the imposed limits facilitate disciplined spending by capping allocations per alias, aligning with predefined financial parameters without impacting the core account. Unlike traditional credit cards, which do not automatically refuse recurring subscription charges and require users to manually contact merchants or request chargebacks to stop them—often with limited success due to services like Visa Account Updater that propagate new card details—controlled payment numbers provide an effective alternative for managing subscriptions. These virtual aliases enable users to prevent unauthorized recurring billing through features such as merchant-locked cards that restrict usage to specific vendors, spending limits that cap charges to avoid unexpected increases, single-use options that deactivate after one transaction, and automatic expiration dates that halt further billing after a set period. By assigning a unique controlled payment number to each subscription, users can easily pause, suspend, or delete the alias to terminate payments without affecting the primary card, offering superior control over recurring expenses compared to standard credit card mechanisms. On a broader scale, controlled payment numbers diminish rates for issuers and merchants by isolating fraudulent attempts to the disposable alias, streamlining through standard card-not-present chargeback protocols while preserving the integrity of the underlying account. This isolation reduces the propagation of across multiple transactions, lowering overall operational costs and enhancing trust in digital ecosystems.

History

Origins and Early Adoption

Controlled payment numbers originated in the late as a direct response to the surge in fraud during the rapid growth of . The technology was first conceptualized by Orbiscom, an Irish payment solutions company founded in 1999, which developed and trademarked "Controlled Payment Numbers" to enable secure transactions by generating alias card numbers that masked the actual details. This innovation addressed vulnerabilities in early shopping, where card-not-present transactions exposed consumers to risks like data interception and unauthorized reuse of card information. Early adoption began around 2000, with launching its Private Payments service in October of that year as one of the first major implementations. Private Payments allowed cardholders to generate disposable, single-use numbers for purchases, specifically designed to combat skimming and theft in the emerging era of digital retail. Orbiscom's technology powered similar offerings from other issuers starting in 2001, including pilots with (AIB) in Europe that integrated controlled numbers with Visa cards to enhance web security. These initial rollouts emphasized through anonymity, focusing on retail rather than business-to-business applications. Despite their promise, early controlled payment numbers faced significant challenges due to the nascent state of infrastructure and low awareness in the early . was hampered by limited compatibility with existing systems and a primary emphasis on cards, with pilots often restricted to single-use formats that required users to generate new numbers per transaction. This U.S.-centric focus, led by , initially confined widespread use to North American markets, though Orbiscom's European roots facilitated early trials there. By the mid-2000s, rising global card-not-present transactions drove expansion into and , where increasing volumes necessitated stronger fraud controls. Orbiscom's technology gained traction in European banking partnerships, while initial Asian implementations emerged through international networks like Visa and , adapting the system for regional online growth.

Key Milestones

In January 2009, acquired Orbiscom, a Dublin-based provider of solutions software, for a maximum consideration of $100 million, thereby integrating the company's patented controlled payment number technology into 's inControl platform to facilitate enhanced issuance and spending controls for cardholders. Throughout the , competing networks expanded similar alias services; Visa introduced its Alias Directory Service in 2018 as part of the Visa Direct platform, enabling the linkage of non-card identifiers like email addresses or phone numbers to underlying payment credentials for simplified and secure transactions. Integration of controlled payment numbers with mobile wallets also gained traction around 2013, supporting seamless use in digital environments. The European Union's , adopted in 2015 and applied from January 2018, further propelled adoption by mandating for electronic payments, positioning controlled payment numbers as a compliant tool for enhancing security without disrupting user experience. Between 2018 and 2020, usage surged amid the boom triggered by the , as consumers and businesses shifted to online and contactless payments, in response to heightened fraud concerns and digital demand. By 2022, major card networks were generating hundreds of millions of virtual aliases annually, reflecting widespread institutionalization of the technology across global ecosystems, according to industry analyses. Post-2022, virtual card transaction volumes continued to accelerate, with projections estimating over 121 billion transactions globally by 2027, driven by B2B and adoption.

Technical Mechanism

Generation Process

The generation of a controlled payment number begins when a user initiates a request through a , web interface, or provided by the or card network. This alias, which serves as a tokenized substitute for the primary account number (PAN), is created to enhance transaction security by masking the underlying card details. The process leverages tokenization techniques, where the generated number is securely mapped to the real PAN within a protected vault, preventing direct exposure of sensitive data during use. The technical steps involved in creating a controlled payment number are as follows:
  1. User Authentication: The system verifies the user's identity using methods, such as , one-time passwords, or device binding, to ensure only authorized account holders can request numbers.
  2. Input of Parameters: The user specifies controls like spending limits (e.g., a maximum amount), expiration dates, restrictions, or usage type (single-transaction or multi-use), which are incorporated into the number's configuration.
  3. Algorithmic Creation: An algorithm generates a compliant 16-digit number adhering to industry standards, including appropriate Bank Identification Number (BIN) ranges for routing, along with a unique CVV and expiration date; this ensures the alias functions seamlessly in payment systems without revealing the original PAN.
  4. Activation: The number is immediately activated upon generation, with its linkage to the real PAN stored in a secure token vault, enabling real-time authorization while maintaining isolation from the primary account.
On the backend, systems like Mastercard's Digital Enablement Service (MDES) play a central role in provisioning these numbers by handling token creation, distribution, and lifecycle management through encrypted APIs, all while adhering to PCI DSS standards for secure data handling and compliance. From the user's perspective, the process is instantaneous, typically completing in seconds via modern digital platforms, allowing for quick issuance of either single-use numbers for one-off transactions or recurring ones for ongoing , thereby supporting reduction efforts.

Usage and Controls

In transactions involving controlled payment numbers, users enter the alias number at online checkout as they would a standard . The processes the payment through the card network without alteration, but the intercepts and routes it to the underlying real account while enforcing predefined limits, such as blocking any transaction that exceeds authorized spending caps. Various control types can be applied to these numbers to manage and spending. Spending caps, for instance, restrict total usage to a fixed amount like $500, while merchant restrictions may limit transactions to a single vendor or category to prevent unauthorized use. Time-based locks further enhance control by setting expiration dates, such as deactivation after 24 hours, ensuring the number is only valid for the intended period. Monitoring features provide oversight throughout the payment lifecycle, including real-time alerts sent to the user or administrator for each transaction attempt or approval. Automatic deactivation occurs upon reaching a spending limit or expiration, minimizing exposure. For recurring billing scenarios, such as subscriptions, the system supports seamless updates to the merchant's records using the controlled number without revealing the primary card details. Unlike traditional credit cards, which do not automatically refuse recurring subscription charges and require manual intervention to stop them, controlled payment numbers enable precise management by setting spend limits to match the exact subscription fee, pausing or locking the card to block future charges, or using single-use options that expire after the initial transaction. Users can fund the card with the precise amount needed and configure it for automatic closure post-use, thereby preventing unwanted recurring charges. Controlled payment numbers are also effective for one-time subscriptions, such as those for AI platforms. To use them, the card is funded with the exact amount needed, such as the subscription fee. Selecting a U.S. Bank Identification Number (BIN) can improve success rates for processing. The spending limit is configured to the subscription amount. The card details—including number, expiration date, and CVV—are then entered at the payment gateway. After the transaction, the card is deleted or frozen to prevent further charges. If payment fails, switching to a different BIN or platform may resolve the issue. Integration with digital wallets like is possible for added convenience, allowing the controlled payment number to be tokenized and used in supported apps or browsers, though it remains primarily suited for online and card-not-present transactions rather than in-person swipes.

Implementations

Card Network Programs

Major card networks have developed standardized programs to facilitate controlled payment numbers, often in the form of virtual card numbers (VCNs) or tokenized aliases, enabling issuers and merchants to implement spending limits, transaction controls, and enhanced security across payment ecosystems. These initiatives emphasize and compliance with industry specifications to support secure, flexible payment processing in both and commercial contexts. Mastercard's inControl platform, launched following the acquisition of Orbiscom, provides a comprehensive solution for generating VCNs with customizable controls such as spending limits, merchant restrictions, and real-time alerts. This platform supports B2B payments by allowing dynamic VCN creation for specific transactions, streamlining commercial and travel payments while reducing fraud risks through limited-validity numbers. InControl integrates with APIs for virtual card management, enabling issuers to offer turn-key solutions for enhanced payment authorization and routing. In October 2025, Mastercard enhanced inControl with solutions for embedded finance and global clearing controls for virtual cards, set to be available in 2026. Visa offers alias services through its Developer Platform Services (DPS) and Account Updater program, which automate the exchange of updated account information, including tokenized aliases, between issuers and merchants to maintain seamless recurring payments. These services leverage Visa's network tokenization framework, where primary account numbers (PANs) are replaced with device- or merchant-specific tokens, providing flexible numbering options with built-in controls for usage restrictions and fraud prevention. Emphasis is placed on tokenization standards that ensure secure data handling and high authorization rates for controlled transactions. Discover introduced an early VCN program in the early , allowing cardholders to generate disposable numbers for online purchases with predefined limits, but discontinued standalone virtual card offerings around 2014 in favor of integrations with digital wallets. incorporates controlled aliases into its SafeKey authentication program, which uses 3-D Secure protocols to validate online transactions with tokenized identifiers, adding layers of for alias-based payments without disrupting user experience. Card network programs adhere to EMVCo's Payment Tokenisation Specification, a technical framework that defines roles, functions, and requirements for replacing PANs with secure tokens to promote across networks and merchants. This standard ensures that controlled payment numbers function seamlessly in global payment systems, supporting features like domain-specific restrictions and lifecycle management for tokens.

Bank and Issuer Services

Banks and card issuers deploy controlled payment numbers through dedicated services embedded in their digital banking ecosystems, empowering customers to generate temporary virtual card details with configurable limits, expiration dates, and merchant restrictions to mitigate fraud risks in online and mobile transactions. These offerings typically integrate seamlessly with existing account management tools, allowing users to create, monitor, and deactivate numbers directly from apps or websites without needing third-party intermediaries. Citibank's Virtual Account Numbers (VANs) service enables eligible credit cardholders to produce unique aliases via the platform, with preset spending limits, single-use options, and a mandatory 3-year expiration period that auto-renews; users can charge multiple VANs simultaneously, as they all draw from the single credit line, with total spending not exceeding the overall limit, and for repeat charges on the same VAN, a new CVV may need to be generated each time; following updates in August 2025 that invalidated prior numbers and limited customizations, the feature remains available at no extra cost as of November 2025 for enhanced data protection. Capital One integrates virtual number generation into its Eno digital assistant, which automatically creates merchant-locked numbers for and supports browser extensions for one-click autofill at checkout, thereby shielding the primary account from potential breaches during . extends virtual cards primarily to business clients through its commercial programs, permitting the issuance of single-transaction or reusable numbers with embedded controls like velocity limits and category restrictions, streamlining while minimizing unauthorized spending. Wells Fargo facilitates alias support via its digital wallet integrations, such as , where enrolled cards receive a unique virtual token that replaces the physical number for contactless and in-app payments, ensuring merchants never access the underlying account details. By managing these services in-house, issuers gain direct oversight of transaction flows, employing built-in analytics to track alias patterns, identify anomalies, and refine detection models, which collectively lowers rates and operational risks compared to standard card usage.

Modern Developments

Evolution to Virtual Cards

The term "controlled payment number," pioneered by Orbiscom in the late as a fraud-prevention tool for generating transaction-specific aliases, gradually evolved into the more encompassing "virtual card" nomenclature by the mid-2010s. This shift reflected the technology's maturation beyond basic to include digital-native capabilities such as instant issuance and programmatic controls, aligning with the broader adoption of mobile and online payments. By post-2015, virtual cards were increasingly distinguished for their seamless integration into digital ecosystems, moving away from the Orbiscom-era focus on consumer privacy to versatile tools for secure, ephemeral transactions. A pivotal evolution involved the integration of virtual cards with network token services, enhancing by replacing sensitive primary account numbers with device- or transaction-specific . For instance, Mastercard's Digital Enablement Service (MDES) and Visa's Token Service (VTS), both operational since the early , enable virtual cards to provision tokens for mobile wallets and in-app payments, reducing exposure while maintaining compatibility with existing rails. This integration facilitated the expansion of virtual cards from consumer to business-to-business (B2B) applications, particularly in , where issuers generate single-use or limited-scope cards for vendor payments, automating reconciliation and minimizing disputes. By the late , this B2B pivot allowed enterprises to embed virtual cards in workflows, streamlining cross-border transactions without exposing corporate card details. Technological advances further propelled this transition, with (AI) enabling dynamic features like automated limit suggestions based on spending patterns and risk profiles. AI algorithms analyze historical data to recommend optimal spending caps or expiration dates for virtual cards, improving controls in real-time environments such as corporate . In the early , virtual cards also gained compatibility with emerging digital assets, supporting hybrid payments that bridge traditional with cryptocurrencies through crypto-backed virtual cards issued via networks like Visa and . This interoperability extended to (NFT) marketplaces, where virtual cards facilitate secure fiat-to-digital asset conversions, though adoption remains niche due to volatility concerns. Market drivers accelerated this evolution, particularly the surge in following the , which saw U.S. online sales rise 43% from 2019 to 2020, heightening demand for secure, disposable payment options like virtual cards. Regulatory pressures, including the European Union's proposed Payment Services Directive 3 (PSD3)—expected to be adopted by late 2025, with implementation around 2027—will mandate the use of secure aliases and enhanced authentication for virtual cards, promoting their role in fraud-resistant payment ecosystems across the region. These factors collectively transformed controlled payment numbers into a foundational element of the virtual card landscape by 2025, emphasizing scalability and regulatory compliance. In 2025, several third-party providers dominate the landscape of virtual cards, which have evolved as advanced successors to traditional controlled payment numbers by offering enhanced privacy and control features. Privacy.com specializes in consumer-oriented virtual cards that allow users to generate disposable numbers locked to specific merchants, preventing unauthorized reuse and reducing fraud exposure. For business-to-business (B2B) applications, Ramp and Brex provide corporate virtual cards with real-time spending controls, such as customizable limits and automated approvals, enabling finance teams to monitor and restrict expenditures dynamically. Stripe Issuing stands out for its API-driven platform, which facilitates programmable virtual card generation for platforms and enterprises, integrating seamlessly into custom payment workflows. The virtual cards market in is valued at USD 5.42 in transaction value, with projections to reach USD 14.32 by 2030 at a (CAGR) of 21.45%, driven by increasing demand for secure digital transactions. Key trends include the rise of instant issuance capabilities, often completing in under one second via cloud-based processing, which accelerates for users and businesses alike. enhancements, such as ephemeral or single-use numbers that expire after one transaction, are gaining traction to mitigate breaches in . Adoption of virtual cards has surged among businesses, with corporate variants accounting for 68.6% of total usage in 2025, particularly in vendor payments, procurement, and travel expenses. According to the 2025 AFP Digital Payments Survey, nearly 60% of organizations express intent to increase reliance on digital methods. Virtual cards are used by a significant portion of organizations to streamline B2B payments and enhance security. Integration with digital wallets, such as Google Pay's virtual aliases, further boosts accessibility by tokenizing cards for contactless and use without exposing primary account details. Looking ahead, future developments in virtual cards emphasize integration for cross-border aliases, enabling faster and more transparent international transactions with reduced intermediary costs. Additionally, AI-powered detection tied to spending controls is emerging as a standard feature, using to analyze patterns in real-time and automatically pause suspicious activities.

Discontinued Programs

Notable Examples

One notable discontinued controlled payment program was Bank of America's ShopSafe, launched in December 2004 as a service allowing customers to generate temporary virtual numbers for secure purchases. ShopSafe enabled users to access the feature through the bank's website or portal, where they could create up to five unique aliases per session, each linked to their primary account but with customizable spending limits and expiration dates to enhance . The program was discontinued on September 20, 2019, following an announcement on September 5, 2019, as the bank shifted focus to . PayPal's Virtual Credit Card, introduced in the early , provided users with disposable card numbers generated from their PayPal account balance, functioning as virtual debit cards for online transactions where PayPal was not directly accepted. This service allowed customers to fund purchases directly from their e-wallet balance without exposing primary card details, emphasizing convenience for digital payments during the early growth of . It was available until its discontinuation on September 22, 2010, after which the feature was phased out as a . Discover Card's (VCN) program, active until its discontinuation in , offered cardholders the ability to create temporary numbers tied to their existing accounts, primarily designed to protect against in . Key features included automatic expiration of the virtual number after a single use or upon reaching a set limit, ensuring that unauthorized subsequent charges could not occur even if the number was compromised. Some reports noted the end date as February 7, , while others cited March 16, , reflecting a brief transition period. An early example in the space was American Express's Private Payments, launched in late 2000 and discontinued in 2004, which permitted eligible cardmembers to generate single-transaction aliases for enhanced during web-based purchases. These aliases were temporary numbers valid only for one specific purchase, shielding the primary card details from merchants and reducing exposure to data breaches in the nascent era of online retail. The service represented one of the first consumer-facing implementations of controlled payment numbers by a major issuer.

Reasons for Phase-Out

One primary reason for the phase-out of various controlled payment number programs was low adoption rates among consumers, who often remained unaware of the service or favored simpler security measures such as two-factor authentication. For instance, Bank of America's ShopSafe program, which allowed users to generate temporary virtual card numbers for online purchases, experienced limited uptake, leading to its discontinuation in September 2019. Bank officials noted that the service did not gain sufficient traction as users preferred established prevention tools over the added step of creating aliases. Technological obsolescence further contributed to the decline, as controlled payment numbers were largely superseded by more advanced solutions like network tokenization and protocols, which provide enhanced security without requiring user-generated aliases. Tokenization replaces sensitive card details with unique digital identifiers, significantly reducing risks in digital wallets such as , where device-bound tokens limit exposure during transactions. By 2025, over 35% of transactions globally utilized tokenization, diminishing the need for standalone virtual number programs that predated these innovations. Similarly, has evolved to enable seamless , further eroding the utility of earlier alias-based systems. High maintenance costs for issuers also played a role, as sustaining dedicated controlled payment infrastructures proved inefficient amid shifting priorities toward integrated platforms that consolidate security features. Banks faced ongoing expenses for system upkeep, compliance, and support, which outweighed benefits for underutilized services. The transition to unified virtual card ecosystems embedded in software allowed issuers to reduce these overheads while enhancing functionality. Finally, broader market consolidation in the payments industry post-2010 accelerated the phase-out of isolated programs, as major networks like Visa and absorbed virtual card technologies into comprehensive services such as Click to Pay and embedded payment solutions. This integration streamlined offerings by the 2020s, eliminating redundant standalone tools in favor of scalable, network-wide implementations that support biometric verification and one-click payments.

References

  1. https://www.mastercard.com.au/content/dam/public/mastercardcom/au/en/documents/Mastercard_WhitePaper_Virtual_Card_Services.pdf
  2. https://globalbanks.com/what-is-cpn/
  3. https://investor.mastercard.com/investor-news/investor-news-details/2009/MasterCard-Acquires-Orbiscom-to-Accelerate-Development-of-Innovative-Payment-Solutions/default.aspx
  4. https://payablesplace.ardentpartners.com/2014/10/virtual-payment-cards/
  5. https://www.capitalone.com/learn-grow/money-management/what-are-virtual-card-numbers/
  6. https://www.paypal.com/us/cshelp/article/questions-about-pay-later-single-use-virtual-card---in-store--help1298
  7. https://patents.justia.com/patent/8527416
  8. https://www.marqeta.com/blog/virtual-cards-vs-tokenized-cards
  9. https://www.marqeta.com/blog/virtual-cards-explainer
  10. https://www.iso.org/standard/70484.html
  11. https://www.experian.com/blogs/ask-experian/pros-cons-virtual-credit-cards/
  12. https://www.usbank.com/corporate-and-commercial-banking/insights/payments-hub/cards/virtual-account-protection.html
  13. https://ramp.com/blog/virtual-credit-card-guide
  14. https://www.wexinc.com/resources/blog/how-using-virtual-card-numbers-reduces-the-costs-of-doing-business/
  15. https://www.choice.com.au/money/credit-cards-and-loans/credit-cards/articles/cancelling-recurring-credit-card-charges
  16. https://www.privacy.com/blog/virtual-credit-card-acceptance-network
  17. https://www.remitly.com/blog/finance/virtual-credit-card/
  18. https://www.chargebackgurus.com/blog/google-virtual-cards
  19. https://www.altexsoft.com/blog/virtual-credit-cards-travel/
  20. https://www.irishtimes.com/business/mastercard-pays-100m-to-acquire-irish-based-orbiscom-1.1232383
  21. https://www.wsj.com/articles/SB979781563977212808
  22. https://www.forbes.com/2000/09/08/mu4.html
  23. https://www.ecommercetimes.com/story/amex-to-offer-disposable-credit-card-numbers-4230.html
  24. https://www.americanbanker.com/payments/news/do-virtual-card-numbers-represent-a-growing-market
  25. https://www.sabre.com/locations/apac/virtual-payments-the-power-of-an-orchestration-engine/
  26. https://www.cfo.com/news/will-virtual-cards-finally-find-a-big-market-in-ap/663984/
  27. https://www.reuters.com/article/markets/mastercard-acquires-software-provider-orbiscom-idUSN05368932/
  28. https://developer.visa.com/images2/products/visa_direct/ads_technical_specifications_v3.0.pdf
  29. https://www.juniperresearch.com/press/virtual-card-transactions-to-soar-globally/
  30. https://developer.mastercard.com/business-payment-controls/documentation/use-cases/05-tokenize-virtual-cards/
  31. https://stripe.com/resources/more/what-is-a-virtual-card-number-and-how-can-you-get-one
  32. https://www.forbes.com/advisor/credit-cards/virtual-credit-card-numbers-guide/
  33. https://developer.mastercard.com/mastercard-checkout-solutions/documentation/use-cases/virtual-card-tokens/
  34. https://www.aciworldwide.com/blog/a-primer-on-tokens-tokenization-payment-tokens-and-merchant-tokens
  35. https://developer.mastercard.com/mdes-token-connect/documentation/
  36. https://www.fintechinnovationlab.com/news/new-york/mastercard-tsys-and-extend-launch-mobile-virtual-card-solution-for-commercial-clients/
  37. https://developer.mastercard.com/product/in-control-for-commercial-payments/
  38. https://www.paywithextend.com/resource/how-virtual-credit-cards-enhance-security-and-control
  39. https://www.cnet.com/personal-finance/credit-cards/if-you-pay-for-subscriptions-you-need-a-virtual-card-heres-why/
  40. https://www.capitalone.com/learn-grow/money-management/virtual-cards-shopping-online/
  41. https://www.privacy.com/
  42. https://buvei.com/blog/best-virtual-cards-for-digital-content-subscriptions/
  43. https://www.paywithextend.com/resource/how-to-use-a-virtual-card
  44. https://developer.mastercard.com/mastercard-processing-digital/documentation/use-cases/enable-card-apple-pay-issuer-mobile-app/
  45. https://www.emvco.com/emv-technologies/payment-tokenisation/
  46. https://www.mastercard.us/content/dam/public/mastercardcom/na/us/en/large-enterprises/other/use-case-for-issuers-enabling-in-control-for-commercial-payments-04122019.pdf
  47. https://www.pymnts.com/mastercard/2025/mastercard-adds-solutions-for-embedded-finance-and-virtual-card-controls/
  48. https://developer.visa.com/capabilities/alias-directory-service/docs-how-to
  49. https://usa.visa.com/dam/VCOM/download/merchants/visa-account-updater-product-information-fact-sheet-for-merchants.pdf
  50. https://corporate.visa.com/en/solutions/commercial-solutions/knowledge-hub/tokenization.html
  51. https://www.americanexpress.com/us/security-center/safekey/
  52. https://network.americanexpress.com/globalnetwork/dam/jcr:1db1ecb7-1931-4616-911b-4cc603c2c4bb/SafeKey-FAQs-US.pdf
  53. https://www.emvco.com/knowledge-hub/the-what-why-and-how-of-emv-payment-tokenisation/
  54. https://upgradedpoints.com/news/citi-virtual-card-number-update/
  55. https://thepointsguy.com/credit-cards/what-is-a-virtual-credit-card-number/
  56. https://www.creditcards.com/education/credit-card-virtual-account-numbers/
  57. https://www.bogleheads.org/forum/viewtopic.php?t=460142
  58. https://www.capitalone.com/digital/tools/eno/
  59. https://www.capitalone.com/help-center/credit-cards/using-virtual-credit-cards/
  60. https://www.jpmorgan.com/payments/solutions/commercial-cards/ts-virtual-card
  61. https://www.jpmorgan.com/insights/treasury/cards-expense-management/what-is-a-virtual-credit-card-and-how-does-it-work
  62. https://www.wellsfargo.com/help/mobile-features/google-pay-faqs/
  63. https://www.wellsfargo.com/mobile-online-banking/transfer-pay/digital-wallet/index/
  64. https://digitalbytes.substack.com/p/evolution-of-virtual-credit-and-debit
  65. https://www.mastercard.com/content/dam/public/mastercardcom/globalrisk/pdf/US-Payments-Security-Evolution-and-Strategic-Road-Map-for-Release.pdf
  66. https://docs.thredd.com/pdf/Tokenisation_Service_Guide_1.9.pdf
  67. https://www.americanexpress.com/content/dam/amex/us/merchant/pdf/bcfm/Virtual-Cards-Future-of-B2B-Payments.pdf
  68. https://www.wexinc.com/resources/blog/how-to-simplify-b2b-payments-without-disrupting-your-supply-chain/
  69. https://sidgs.com/article/ai-driven-innovations-in-payment-cards-for-banks-transforming-security-efficiency-and-customer-experience/
  70. https://evercodelab.com/blog/virtual-crypto-cards-the-future-of-spending-in-white-label-wallets/
  71. https://koinly.io/blog/nft-trading-cards/
  72. https://www.census.gov/library/stories/2022/04/ecommerce-sales-surged-during-pandemic.html
  73. https://www.adyen.com/knowledge-hub/psd3
  74. https://ramp.com/blog/privacy-dot-com-alternatives
  75. https://www.zeni.ai/blog/best-corporate-credit-cards
  76. https://navan.com/blog/brex-alternatives
  77. https://www.linkedin.com/pulse/top-virtual-credit-cards-companies-how-compare-f6vzc/
  78. https://www.mordorintelligence.com/industry-reports/virtual-cards-market
  79. https://www.galileo-ft.com/blog/galileo-best-digital-issuance-javelin-2025/
  80. https://www.wooshpay.com/ko/%25EB%25A6%25AC%25EC%2586%258C%25EC%258A%25A4/%25EC%25A7%2580%25EC%258B%259D/2025/07/31/top-3-virtual-cards-for-online-shopping-in-2025/
  81. https://coinlaw.io/virtual-credit-card-statistics/
  82. https://www.jpmorgan.com/insights/payments/trends-innovation/afp-digital-payments-survey-2025
  83. https://www.citizensbank.com/corporate-finance/insights/mitigate-fraud-with-virtual-cards.aspx
  84. https://bvnk.com/blog/blockchain-cross-border-payments
  85. https://buvei.com/blog/emerging-virtual-card-innovations-for-2025/
  86. https://finovate.com/category/bank-of-america/page/9/
  87. https://www.pcmag.com/news/5-things-you-should-know-about-virtual-credit-cards
  88. https://www.doctorofcredit.com/bank-of-america-discontinues-shopsafe-virtual-credit-card-numbers/
  89. https://www.sec.gov/Archives/edgar/data/1103415/000091205702009834/a2073071z10-k405.htm
  90. https://ppl.lithium.com/t5/Buying-with-PayPal/PayPal-virtual-debit-card-does-it-still-exist-and-where-do-I/m-p/275968
  91. https://enewspaper.latimes.com/infinity/article_popover_share.aspx?guid=47a1305b-851f-4d5a-9824-2b596d22a5b0
  92. https://money.stackexchange.com/questions/16999/virtual-one-time-card-number-expiration-period
  93. https://kadansky.com/files/newsletters/2010/2010_12_29.html
  94. https://www.cleveland.com/moneymatters/2019/12/why-dont-more-banks-offer-virtual-card-numbers-if-theyre-safer-money-matters.html
  95. https://www.mastercard.com/global/en/news-and-trends/stories/2025/one-click-checkout.html
  96. https://glenbrook.com/payments_views/we-really-cant-stop-talking-about-tokenization-a-2025-update/
  97. https://www.payments.ca/achieving-secure-and-seamless-online-payment-experiences-through-network-tokenization
  98. https://lumindigital.com/insights/the-top-7-costs-of-standing-still-with-banking-technology/
  99. https://www.mastercard.com/news/press/2025/march/mastercard-is-modernizing-commercial-payments-with-embedded-virtual-card-technology/
  100. https://www.mastercard.com/us/en/news-and-trends/Insights/2024/virtual-cards-101-simplifying-commercial-payments.html
  101. https://www.pymnts.com/credit-cards/2024/visa-unveils-new-push-to-wallet-virtual-card-solutions
Add your contribution
Related Hubs
User Avatar
No comments yet.