Hubbry Logo
search
logo
Controlled payment number avatar
Controlled payment number
Controlled payment number
current hub
C

Controlled payment number

logo
Community Hub0 Subscribers
Read side by side
Controlled payment number
View on Wikipedia
from Wikipedia

A controlled payment number, disposable credit card or virtual credit card is an alias for a credit card number, with a limited number of transactions, and an expiration date between two and twelve months from the issue date. This "alias" number is indistinguishable from an ordinary credit card number, and the user's actual credit card number is never revealed to the merchant.

The technology was introduced primarily as an anti-fraud measure, so that a virtual unique credit card number may be generated to settle a specific transaction, on an exact date by an authorized individual. The possibility of a fraud occurring is significantly less than a traditional physical card, which can be lost, stolen or indeed cloned.

The number is generated through the use of either a Web application or a specialized client program, interacting with the card issuer's computer, and is linked to the actual credit card number. While it could usually be set up to allow multiple transactions, it could only be used with a single merchant. Consequently, if it is compromised a fraudulent user can usually not steal money, and the limit reduces how much a fraudulent person can steal.

The term "controlled payment number" is a trademark of Orbiscom.[1] The technology is also called by generic names "substitute credit card number", "one-time use credit card", "disposable credit card" and "virtual credit card number", or "virtual card number" (VCN).

Technologies

[edit]

Mastercard

[edit]

In January 2009, MasterCard acquired the controlled payment number system developed by Orbiscom, a Dublin-based payment processing company.[2] In the United States, the system is used by the following credit card issuers: Bank of America "ShopSafe" (inherited when it acquired MBNA) (and now discontinued-see below)[3] and Citibank "Virtual Account Numbers".[4] Examples from other countries are MBnet, which can create a payment number linked to virtually any credit or debit card emitted in Portugal.

Orbiscom's patented payment technologies have been integrated with MasterCard's global processing platform, "inControl".[5]

In 2013 Royal Bank of Scotland MasterCard customers became eligible for MasterCard's "enhanced Central Travel Service" (eCTS), which uses VCN technology. This service is intended to provide companies currently paying for travel through multiple accounts with a centralised travel payments system.[6]

In 2015 Etisalat Egypt, National bank of Egypt NBE and MasterCard launched Virtual Card Numbers via Flous service. The service works on any mobile phone. Every time a VCN is requested, a new one will be generated, and the user notified by SMS.

Discontinued programs

[edit]

On February 7, 2014, the US Discover Card discontinued its Secure Online Account Numbers service, saying that Discover no longer had access to the underlying technology. All existing Secure Online Account Numbers expired on March 16, 2014.[7]

In the UK, Ivobank offered a similar "virtual card" until it went bankrupt in 2009, and Cahoot withdrew their Webcard in October 2009.

American Express's "Private Payments" was available from late 2000 to 2004.

PayPal discontinued their virtual credit card service on September 22, 2010.[8]

UK-based Neteller offered Net+, a "virtual debit card" with card details generated uniquely for each transaction, from 2008 to 2012; it was discontinued on 29 February 2012, citing lack of use by customers.

Bank of America discontinued ShopSafe on September 5, 2019.

Virtual credit card

[edit]

A virtual credit card (VCC) is a virtual credit card number (VCN) typically used for online purchases, and often for single-use transactions. Virtual credit card numbers are not associated with a physical card, and consequently cannot be used for in-person transactions. Unlike the numbers generated by online credit card number generators, funds must be deposited into an account associated with the VCN prior to usage.

VCNs can be acquired from online VCN providers, banks, and some partners of Visa and MasterCard. Online VCN providers often assess service charges to pay banks, credit card companies, and/or credit networks for the costs of obtaining and servicing VCNs.

A virtual credit card includes three parts: [9]

  • Credit card number

Like standard Visa and MasterCard credit cards, the credit card number consists of sixteen digits.

  • CSC/CVC/CVV/CVV2

A card security code (CSC) (also termed card verification code (CVC) and card verification value (CVV/CVV2)) is also associated with the virtual credit card; as in standard credit cards, a CVV is used in virtual credit cards to establish card ownership by the buyer and to authorize transactions.

  • Date of expiration

Virtual credit cards often expire much sooner than physically issued credit cards, e.g., 60 days. As security is a primary reason for VCC usage, rapid turnover of VCNs prevents funds from being compromised for long periods of time.

References

[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

Controlled payment number

View on Grokipedia
from Grokipedia
A controlled payment number, also known as a virtual card number or disposable card, is a temporary digital alias for an underlying payment card account (such as credit, debit, or prepaid), typically consisting of a unique 16-digit number, expiration date, and security code, designed to limit exposure of the primary card details during online or card-not-present transactions.[1] Issued by financial institutions, it functions as a proxy that routes payments to the linked account while enforcing predefined controls such as spending limits, single-use restrictions, or merchant-specific validity to mitigate fraud risks.[2] Originating from innovations in secure payment technology, the concept of controlled payment numbers was pioneered by companies like Orbiscom in the early 2000s, with the term itself serving as a trademark for their virtual card solutions before broader adoption under generic labels like virtual account numbers; the technology was further advanced when Mastercard acquired Orbiscom in 2009.[3] These numbers operate through standard card networks such as Visa, Mastercard, or American Express, where the virtual details are processed like a traditional charge but expire automatically after use or a set period, ensuring that even if compromised, they cannot lead to unauthorized recurring charges.[4] Unlike physical cards, they exist solely in digital form, often generated via banking apps or issuer portals, and are particularly useful for e-commerce, business-to-business payments, and high-risk purchases.[1] The primary advantages of controlled payment numbers include enhanced security by masking the real card information, thereby reducing identity theft and data breach impacts, as well as granular spend management that allows users—especially businesses—to set parameters like maximum amounts or vendor approvals.[2] Adoption has grown significantly in both consumer and commercial contexts, with major issuers like Capital One and PayPal integrating them into their services to promote safer digital transactions, though availability may vary by region and account type.[5][6]

Overview

Definition

A controlled payment number (CPN) is an alias or proxy for a real credit card's primary account number (PAN), consisting of a 16-digit number, a card verification value (CVV), and an expiration date, specifically designed to mask the underlying PAN from merchants during payment processing.[7] This structure allows the CPN to function seamlessly in standard payment ecosystems while protecting the actual account details from exposure in potentially insecure environments, such as online transactions.[8] The term "controlled payment number" originated as a trademark held by Orbiscom, referring to its patented technology for generating these proxy numbers with embedded user-defined restrictions, including limits on transaction counts (such as single-use or multi-use up to a predetermined number) and spending caps (such as a fixed monetary amount).[3] These controls are enforced at the point of authorization to prevent unauthorized or excessive usage, ensuring that each CPN operates within predefined parameters set by the account holder.[7] In distinction from traditional physical credit cards, a controlled payment number is generated digitally and exists solely in electronic form, tailored for targeted applications like e-commerce, without any associated physical medium.[9] Its validity period is set for a predetermined duration, after which it expires to further limit potential exposure.[7] The numbering format of a controlled payment number adheres to the ISO/IEC 7812 standard, which defines the structure for issuer identification and primary account numbering in payment cards, including the initial digits for the issuer identification number (IIN) followed by the account-specific digits and a check digit.[10] Transactions initiated with a CPN are routed back to the issuing financial institution through tokenization or aliasing systems, where the proxy is resolved to the true PAN for authorization and settlement.[7]

Purpose and Benefits

Controlled payment numbers primarily serve to bolster online payment security by substituting an alias for the genuine credit card number, thereby curtailing the exposure of sensitive account details during transactions and mitigating risks associated with data breaches and card-not-present fraud.[1] This approach confines potential fraudulent activity to the temporary alias, safeguarding the primary card from compromise even if merchant systems are breached.[11] As an anti-fraud mechanism, they enable users to conduct purchases without revealing full card information, particularly in high-risk digital environments.[12] Key benefits encompass granular transaction controls, such as merchant locking to restrict usage to specific vendors, predefined spending limits to enforce budgets, and configurable expiration dates ranging from immediate single-use to several months, all of which thwart unauthorized exploitation.[1] These features empower users with enhanced oversight, allowing real-time suspension or cancellation of the alias if suspicious activity arises, thus providing greater peace of mind for vulnerable scenarios like e-commerce acquisitions, subscription enrollments, or isolated online expenditures where full card disclosure feels precarious.[13] Moreover, as controlled payment numbers are issued on major networks such as Visa and Mastercard, they are generally accepted by merchants wherever traditional credit cards are supported, particularly for online transactions, contactless payments, and subscriptions, enabling convenient use at major platforms including Amazon, Netflix, Spotify, Booking.com, and Airbnb.[14][15] However, acceptance varies by merchant policy, and some may restrict virtual or prepaid cards for high-risk categories such as gambling, money transfers, cryptocurrency purchases, or certain in-store uses.[16] For budgeting, the imposed limits facilitate disciplined spending by capping allocations per alias, aligning with predefined financial parameters without impacting the core account.[17] Unlike traditional credit cards, which do not automatically refuse recurring subscription charges and require users to manually contact merchants or request chargebacks to stop them—often with limited success due to services like Visa Account Updater that propagate new card details—controlled payment numbers provide an effective alternative for managing subscriptions.[18] These virtual aliases enable users to prevent unauthorized recurring billing through features such as merchant-locked cards that restrict usage to specific vendors, spending limits that cap charges to avoid unexpected increases, single-use options that deactivate after one transaction, and automatic expiration dates that halt further billing after a set period.[19][20] By assigning a unique controlled payment number to each subscription, users can easily pause, suspend, or delete the alias to terminate payments without affecting the primary card, offering superior control over recurring expenses compared to standard credit card mechanisms.[19] On a broader scale, controlled payment numbers diminish chargeback rates for issuers and merchants by isolating fraudulent attempts to the disposable alias, streamlining dispute resolution through standard card-not-present chargeback protocols while preserving the integrity of the underlying account.[12] This isolation reduces the propagation of fraud across multiple transactions, lowering overall operational costs and enhancing trust in digital payment ecosystems.[21]

History

Origins and Early Adoption

Controlled payment numbers originated in the late 1990s as a direct response to the surge in online fraud during the rapid growth of e-commerce.[22] The technology was first conceptualized by Orbiscom, an Irish payment solutions company founded in 1999, which developed and trademarked "Controlled Payment Numbers" to enable secure online transactions by generating alias card numbers that masked the actual credit card details.[23][8] This innovation addressed vulnerabilities in early internet shopping, where card-not-present transactions exposed consumers to risks like data interception and unauthorized reuse of card information.[24] Early adoption began around 2000, with American Express launching its Private Payments service in October of that year as one of the first major implementations.[25] Private Payments allowed cardholders to generate disposable, single-use numbers for online purchases, specifically designed to combat skimming and theft in the emerging era of digital retail.[26] Orbiscom's technology powered similar offerings from other issuers starting in 2001, including pilots with Allied Irish Banks (AIB) in Europe that integrated controlled numbers with Visa cards to enhance web security.[27] These initial rollouts emphasized consumer protection through anonymity, focusing on retail e-commerce rather than business-to-business applications. Despite their promise, early controlled payment numbers faced significant challenges due to the nascent state of internet infrastructure and low consumer awareness in the early 2000s.[27] Adoption was hampered by limited compatibility with existing merchant systems and a primary emphasis on consumer cards, with pilots often restricted to single-use formats that required users to generate new numbers per transaction.[25] This U.S.-centric focus, led by American Express, initially confined widespread use to North American markets, though Orbiscom's European roots facilitated early trials there.[9] By the mid-2000s, rising global card-not-present transactions drove expansion into Europe and Asia, where increasing e-commerce volumes necessitated stronger fraud controls.[28] Orbiscom's technology gained traction in European banking partnerships, while initial Asian implementations emerged through international networks like Visa and MasterCard, adapting the system for regional online growth.[29]

Key Milestones

In January 2009, Mastercard acquired Orbiscom, a Dublin-based provider of payment solutions software, for a maximum consideration of $100 million, thereby integrating the company's patented controlled payment number technology into Mastercard's inControl platform to facilitate enhanced issuance and spending controls for cardholders.[3][30] Throughout the 2010s, competing networks expanded similar alias services; Visa introduced its Alias Directory Service in 2018 as part of the Visa Direct platform, enabling the linkage of non-card identifiers like email addresses or phone numbers to underlying payment credentials for simplified and secure transactions.[31] Integration of controlled payment numbers with mobile wallets also gained traction around 2013, supporting seamless use in digital environments. The European Union's Payment Services Directive 2 (PSD2), adopted in 2015 and applied from January 2018, further propelled adoption by mandating strong customer authentication for electronic payments, positioning controlled payment numbers as a compliant tool for enhancing security without disrupting user experience. Between 2018 and 2020, usage surged amid the e-commerce boom triggered by the COVID-19 pandemic, as consumers and businesses shifted to online and contactless payments, in response to heightened fraud concerns and digital demand. By 2022, major card networks were generating hundreds of millions of virtual aliases annually, reflecting widespread institutionalization of the technology across global payment ecosystems, according to industry analyses. Post-2022, virtual card transaction volumes continued to accelerate, with projections estimating over 121 billion transactions globally by 2027, driven by B2B and e-commerce adoption.[32]

Technical Mechanism

Generation Process

The generation of a controlled payment number begins when a user initiates a request through a mobile app, web interface, or API provided by the issuing bank or card network. This alias, which serves as a tokenized substitute for the primary account number (PAN), is created to enhance transaction security by masking the underlying card details. The process leverages tokenization techniques, where the generated number is securely mapped to the real PAN within a protected vault, preventing direct exposure of sensitive data during use.[33] The technical steps involved in creating a controlled payment number are as follows:
  1. User Authentication: The system verifies the user's identity using multi-factor authentication methods, such as biometrics, one-time passwords, or device binding, to ensure only authorized account holders can request numbers.[34]
  2. Input of Parameters: The user specifies controls like spending limits (e.g., a maximum dollar amount), expiration dates, merchant restrictions, or usage type (single-transaction or multi-use), which are incorporated into the number's configuration.[35]
  3. Algorithmic Creation: An algorithm generates a compliant 16-digit number adhering to industry standards, including appropriate Bank Identification Number (BIN) ranges for routing, along with a unique CVV and expiration date; this ensures the alias functions seamlessly in payment systems without revealing the original PAN.[36]
  4. Activation: The number is immediately activated upon generation, with its linkage to the real PAN stored in a secure token vault, enabling real-time authorization while maintaining isolation from the primary account.[37]
On the backend, systems like Mastercard's Digital Enablement Service (MDES) play a central role in provisioning these numbers by handling token creation, distribution, and lifecycle management through encrypted APIs, all while adhering to PCI DSS standards for secure data handling and compliance.[38][39] From the user's perspective, the process is instantaneous, typically completing in seconds via modern digital platforms, allowing for quick issuance of either single-use numbers for one-off transactions or recurring ones for ongoing payments, thereby supporting fraud reduction efforts.[13][34]

Usage and Controls

In transactions involving controlled payment numbers, users enter the alias number at online checkout as they would a standard credit card. Controlled payment numbers, typically issued on major card networks such as Visa and Mastercard, are widely accepted by merchants wherever regular credit cards from these networks are supported, particularly for online and contactless payments (when tokenized in digital wallets). Major examples include platforms such as Amazon, eBay, Walmart, Target, AliExpress, subscription services (Netflix, Spotify), travel platforms (Booking.com, Expedia, Airbnb), and services like Uber and Deliveroo. However, acceptance varies by merchant policy, and some may impose restrictions on virtual or prepaid cards for categories such as gambling, money transfers, or certain in-store uses.[40][15] The merchant processes the payment through the card network without alteration, but the issuing bank intercepts and routes it to the underlying real account while enforcing predefined limits, such as blocking any transaction that exceeds authorized spending caps.[41][3] Various control types can be applied to these numbers to manage risk and spending. Spending caps, for instance, restrict total usage to a fixed amount like $500, while merchant restrictions may limit transactions to a single vendor or category to prevent unauthorized use. Time-based locks further enhance control by setting expiration dates, such as deactivation after 24 hours, ensuring the number is only valid for the intended period.[41][42] Monitoring features provide oversight throughout the payment lifecycle, including real-time alerts sent to the user or administrator for each transaction attempt or approval. Automatic deactivation occurs upon reaching a spending limit or expiration, minimizing exposure. For recurring billing scenarios, such as subscriptions, the system supports seamless updates to the merchant's records using the controlled number without revealing the primary card details. Unlike traditional credit cards, which do not automatically refuse recurring subscription charges and require manual intervention to stop them, controlled payment numbers enable precise management by setting spend limits to match the exact subscription fee, pausing or locking the card to block future charges, or using single-use options that expire after the initial transaction. Users can fund the card with the precise amount needed and configure it for automatic closure post-use, thereby preventing unwanted recurring charges.[41][42][43][44][45] Controlled payment numbers are also effective for one-time subscriptions, such as those for AI platforms. To use them, the card is funded with the exact amount needed, such as the subscription fee. Selecting a U.S. Bank Identification Number (BIN) can improve success rates for processing. The spending limit is configured to the subscription amount. The card details—including number, expiration date, and CVV—are then entered at the payment gateway. After the transaction, the card is deleted or frozen to prevent further charges. If payment fails, switching to a different BIN or platform may resolve the issue.[46][47][43] Integration with digital wallets like Apple Pay is possible for added convenience, allowing the controlled payment number to be tokenized and used in supported apps or browsers, though it remains primarily suited for online and card-not-present transactions rather than in-person swipes.[48]

Implementations

Card Network Programs

Major card networks have developed standardized programs to facilitate controlled payment numbers, often in the form of virtual card numbers (VCNs) or tokenized aliases, enabling issuers and merchants to implement spending limits, transaction controls, and enhanced security across payment ecosystems. These initiatives emphasize interoperability and compliance with industry specifications to support secure, flexible payment processing in both consumer and commercial contexts.[49] Mastercard's inControl platform, launched following the 2009 acquisition of Orbiscom, provides a comprehensive solution for generating VCNs with customizable controls such as spending limits, merchant restrictions, and real-time alerts. This platform supports B2B payments by allowing dynamic VCN creation for specific transactions, streamlining commercial and travel payments while reducing fraud risks through limited-validity numbers. InControl integrates with APIs for virtual card management, enabling issuers to offer turn-key solutions for enhanced payment authorization and routing. In October 2025, Mastercard enhanced inControl with solutions for embedded finance and global clearing controls for virtual cards, set to be available in 2026.[3][41][50][51] Visa offers alias services through its Developer Platform Services (DPS) and Account Updater program, which automate the exchange of updated account information, including tokenized aliases, between issuers and merchants to maintain seamless recurring payments. These services leverage Visa's network tokenization framework, where primary account numbers (PANs) are replaced with device- or merchant-specific tokens, providing flexible numbering options with built-in controls for usage restrictions and fraud prevention. Emphasis is placed on tokenization standards that ensure secure data handling and high authorization rates for controlled transactions.[52][53][54] Discover introduced an early VCN program in the early 2000s, allowing cardholders to generate disposable numbers for online purchases with predefined limits, but discontinued standalone virtual card offerings around 2014 in favor of integrations with digital wallets. American Express incorporates controlled aliases into its SafeKey authentication program, which uses EMV 3-D Secure protocols to validate online transactions with tokenized identifiers, adding layers of security for alias-based payments without disrupting user experience.[55][56] Card network programs adhere to EMVCo's Payment Tokenisation Specification, a technical framework that defines roles, functions, and requirements for replacing PANs with secure tokens to promote interoperability across networks and merchants. This standard ensures that controlled payment numbers function seamlessly in global payment systems, supporting features like domain-specific restrictions and lifecycle management for tokens.[49][57]

Bank and Issuer Services

Banks and card issuers deploy controlled payment numbers through dedicated services embedded in their digital banking ecosystems, empowering customers to generate temporary virtual card details with configurable limits, expiration dates, and merchant restrictions to mitigate fraud risks in online and mobile transactions. These offerings typically integrate seamlessly with existing account management tools, allowing users to create, monitor, and deactivate numbers directly from apps or websites without needing third-party intermediaries. Citibank's Virtual Account Numbers (VANs) service enables eligible credit cardholders to produce unique aliases via the online banking platform, with preset spending limits, single-use options, and a mandatory 3-year expiration period that auto-renews; users can charge multiple VANs simultaneously, as they all draw from the single credit line, with total spending not exceeding the overall limit, and for repeat charges on the same VAN, a new CVV may need to be generated each time; following updates in August 2025 that invalidated prior numbers and limited customizations, the feature remains available at no extra cost as of November 2025 for enhanced data protection.[58][59][60][61] Capital One integrates virtual number generation into its Eno digital assistant, which automatically creates merchant-locked numbers for e-commerce and supports browser extensions for one-click autofill at checkout, thereby shielding the primary account from potential breaches during online shopping.[62][15] JPMorgan Chase extends virtual cards primarily to business clients through its commercial programs, permitting the issuance of single-transaction or reusable numbers with embedded controls like velocity limits and category restrictions, streamlining expense management while minimizing unauthorized spending.[63][64] Wells Fargo facilitates alias support via its digital wallet integrations, such as Google Pay, where enrolled cards receive a unique virtual token that replaces the physical number for contactless and in-app payments, ensuring merchants never access the underlying account details.[65][66] By managing these services in-house, issuers gain direct oversight of transaction flows, employing built-in analytics to track alias patterns, identify anomalies, and refine fraud detection models, which collectively lowers chargeback rates and operational risks compared to standard card usage.[11][12]

Modern Developments

Evolution to Virtual Cards

The term "controlled payment number," pioneered by Orbiscom in the late 1990s as a fraud-prevention tool for generating transaction-specific credit card aliases, gradually evolved into the more encompassing "virtual card" nomenclature by the mid-2010s. This shift reflected the technology's maturation beyond basic aliasing to include digital-native capabilities such as instant issuance and programmatic controls, aligning with the broader adoption of mobile and online payments.[67][3] By post-2015, virtual cards were increasingly distinguished for their seamless integration into digital ecosystems, moving away from the Orbiscom-era focus on consumer privacy to versatile tools for secure, ephemeral transactions.[68] A pivotal evolution involved the integration of virtual cards with network token services, enhancing security by replacing sensitive primary account numbers with device- or transaction-specific tokens. For instance, Mastercard's Digital Enablement Service (MDES) and Visa's Token Service (VTS), both operational since the early 2010s, enable virtual cards to provision tokens for mobile wallets and in-app payments, reducing fraud exposure while maintaining compatibility with existing payment rails.[69] This integration facilitated the expansion of virtual cards from consumer e-commerce to business-to-business (B2B) applications, particularly in supply chain finance, where issuers generate single-use or limited-scope cards for vendor payments, automating reconciliation and minimizing disputes.[70] By the late 2010s, this B2B pivot allowed enterprises to embed virtual cards in procurement workflows, streamlining cross-border transactions without exposing corporate card details.[71] Technological advances further propelled this transition, with artificial intelligence (AI) enabling dynamic features like automated limit suggestions based on spending patterns and risk profiles. AI algorithms analyze historical data to recommend optimal spending caps or expiration dates for virtual cards, improving controls in real-time environments such as corporate expense management.[72] In the early 2020s, virtual cards also gained compatibility with emerging digital assets, supporting hybrid payments that bridge traditional fiat with cryptocurrencies through crypto-backed virtual cards issued via networks like Visa and Mastercard.[73] This interoperability extended to non-fungible token (NFT) marketplaces, where virtual cards facilitate secure fiat-to-digital asset conversions, though adoption remains niche due to volatility concerns.[74] Market drivers accelerated this evolution, particularly the surge in e-commerce following the COVID-19 pandemic, which saw U.S. online sales rise 43% from 2019 to 2020, heightening demand for secure, disposable payment options like virtual cards.[75] Regulatory pressures, including the European Union's proposed Payment Services Directive 3 (PSD3)—expected to be adopted by late 2025, with implementation around 2027—will mandate the use of secure aliases and enhanced authentication for virtual cards, promoting their role in fraud-resistant payment ecosystems across the region.[76] These factors collectively transformed controlled payment numbers into a foundational element of the virtual card landscape by 2025, emphasizing scalability and regulatory compliance.[76]

Current Providers and Trends

In 2025, several third-party providers dominate the landscape of virtual cards, which have evolved as advanced successors to traditional controlled payment numbers by offering enhanced privacy and control features. Privacy.com specializes in consumer-oriented virtual cards that allow users to generate disposable numbers locked to specific merchants, preventing unauthorized reuse and reducing fraud exposure.[77] For business-to-business (B2B) applications, Ramp and Brex provide corporate virtual cards with real-time spending controls, such as customizable limits and automated approvals, enabling finance teams to monitor and restrict expenditures dynamically.[78][79] Stripe Issuing stands out for its API-driven platform, which facilitates programmable virtual card generation for platforms and enterprises, integrating seamlessly into custom payment workflows.[80] The virtual cards market in 2025 is valued at USD 5.42 trillion in transaction value, with projections to reach USD 14.32 trillion by 2030 at a compound annual growth rate (CAGR) of 21.45%, driven by increasing demand for secure digital transactions.[81] Key trends include the rise of instant issuance capabilities, often completing in under one second via cloud-based processing, which accelerates onboarding for users and businesses alike.[82] Privacy enhancements, such as ephemeral or single-use numbers that expire after one transaction, are gaining traction to mitigate data breaches in e-commerce.[83] Adoption of virtual cards has surged among businesses, with corporate variants accounting for 68.6% of total usage in 2025, particularly in vendor payments, procurement, and travel expenses.[84] According to the 2025 AFP Digital Payments Survey, nearly 60% of organizations express intent to increase reliance on digital methods.[85] Virtual cards are used by a significant portion of organizations to streamline B2B payments and enhance security.[86] Integration with digital wallets, such as Google Pay's virtual aliases, further boosts accessibility by tokenizing cards for contactless and online use without exposing primary account details.[83] Looking ahead, future developments in virtual cards emphasize blockchain integration for cross-border aliases, enabling faster and more transparent international transactions with reduced intermediary costs.[87] Additionally, AI-powered fraud detection tied to spending controls is emerging as a standard feature, using machine learning to analyze patterns in real-time and automatically pause suspicious activities.[88]

Discontinued Programs

Notable Examples

One notable discontinued controlled payment program was Bank of America's ShopSafe, launched in December 2004 as a service allowing customers to generate temporary virtual credit card numbers for secure online purchases.[89] ShopSafe enabled users to access the feature through the bank's website or online banking portal, where they could create up to five unique aliases per session, each linked to their primary credit card account but with customizable spending limits and expiration dates to enhance security.[90] The program was discontinued on September 20, 2019, following an announcement on September 5, 2019, as the bank shifted focus to emerging technologies.[91] PayPal's Virtual Credit Card, introduced in the early 2000s, provided users with disposable card numbers generated from their PayPal account balance, functioning as virtual MasterCard debit cards for online transactions where PayPal was not directly accepted.[92] This service allowed customers to fund purchases directly from their e-wallet balance without exposing primary card details, emphasizing convenience for digital payments during the early growth of e-commerce.[92] It was available until its discontinuation on September 22, 2010, after which the feature was phased out as a public offering.[93] Discover Card's Virtual Card Number (VCN) program, active until its discontinuation in 2014, offered cardholders the ability to create temporary numbers tied to their existing accounts, primarily designed to protect against fraud in online shopping.[94] Key features included automatic expiration of the virtual number after a single use or upon reaching a set limit, ensuring that unauthorized subsequent charges could not occur even if the number was compromised.[95] Some reports noted the end date as February 7, 2014, while others cited March 16, 2014, reflecting a brief transition period.[94] An early example in the space was American Express's Private Payments, launched in late 2000 and discontinued in 2004, which permitted eligible cardmembers to generate single-transaction aliases for enhanced privacy during web-based purchases.[96] These aliases were temporary numbers valid only for one specific purchase, shielding the primary card details from merchants and reducing exposure to data breaches in the nascent era of online retail.[96] The service represented one of the first consumer-facing implementations of controlled payment numbers by a major issuer.[96]

Reasons for Phase-Out

One primary reason for the phase-out of various controlled payment number programs was low adoption rates among consumers, who often remained unaware of the service or favored simpler security measures such as two-factor authentication. For instance, Bank of America's ShopSafe program, which allowed users to generate temporary virtual card numbers for online purchases, experienced limited uptake, leading to its discontinuation in September 2019.[91] Bank officials noted that the service did not gain sufficient traction as users preferred established fraud prevention tools over the added step of creating aliases.[97] Technological obsolescence further contributed to the decline, as controlled payment numbers were largely superseded by more advanced solutions like network tokenization and EMV 3D Secure protocols, which provide enhanced security without requiring user-generated aliases. Tokenization replaces sensitive card details with unique digital identifiers, significantly reducing fraud risks in digital wallets such as Apple Pay, where device-bound tokens limit exposure during transactions.[98] By 2025, over 35% of Mastercard transactions globally utilized tokenization, diminishing the need for standalone virtual number programs that predated these innovations.[99] Similarly, EMV 3D Secure has evolved to enable seamless authentication, further eroding the utility of earlier alias-based systems.[100] High maintenance costs for issuers also played a role, as sustaining dedicated controlled payment infrastructures proved inefficient amid shifting priorities toward integrated platforms that consolidate security features. Banks faced ongoing expenses for system upkeep, compliance, and support, which outweighed benefits for underutilized services.[101] The transition to unified virtual card ecosystems embedded in enterprise resource planning software allowed issuers to reduce these overheads while enhancing functionality.[102] Finally, broader market consolidation in the payments industry post-2010 accelerated the phase-out of isolated programs, as major networks like Visa and Mastercard absorbed virtual card technologies into comprehensive services such as Click to Pay and embedded payment solutions. This integration streamlined offerings by the 2020s, eliminating redundant standalone tools in favor of scalable, network-wide implementations that support biometric verification and one-click payments.[103][104]

References

  1. [PDF] Commercial Payments - Mastercard
  2. What Is a CPN? Controlled Payment Number + Credit Cards
  3. B2B payments redefined - Euromoney
  4. What are Virtual Payment Cards? - Payables Place - Ardent Partners
  5. What Is a Virtual Credit Card Number? | Capital One
  6. What is a virtual credit card: A complete guide | PayPal US
  7. U.S. Patent for Business-to-business commerce using financial transaction numbers Patent (Patent # 8,527,416 issued September 3, 2013) - Justia Patents Search
  8. Virtual cards vs. tokenized cards: What's the difference? - Marqeta
  9. MasterCard Acquires Orbiscom to Accelerate Development of ...
  10. Understanding Virtual Card Payments: Uses & Benefits | Marqeta
  11. ISO/IEC 7812-1:2017 - Identification cards
  12. Pros and Cons of Virtual Credit Cards - Experian
  13. How virtual cards can protect your payments against fraud - U.S. Bank
  14. Virtual Credit Cards: What They Are & How They Work - Ramp
  15. Virtual card numbers: What they are and what you need to know - WEX
  16. What Google's Virtual Cards Mean for Merchants - Chargeback Gurus
  17. Virtual Credit Cards in Travel: How to Secure B2B Payments B
  18. MasterCard pays $100m to acquire Irish-based Orbiscom
  19. https://www.wsj.com/articles/SB979781563977212808
  20. Amex's Private Payments Aimed More At Fears Than Reality - Forbes
  21. AMEX To Offer 'Disposable' Credit Card Numbers
  22. Do 'Virtual' Card Numbers Represent a Growing Market?
  23. Virtual payments: the power of an orchestration engine - Sabre
  24. Will Virtual Cards Finally Find a Big Market in AP? - CFO.com
  25. MasterCard acquires software provider Orbiscom - Reuters
  26. [PDF] Alias Directory Service - Technical Specifications - Visa Developer
  27. Tokenize Virtual Cards | Business Payment Controls
  28. What is a virtual card number and how can you get one? - Stripe
  29. Virtual Credit Card Numbers: The Complete Guide – Forbes Advisor
  30. Mastercard Virtual Card Tokens | Mastercard Checkout Solutions
  31. The Complete Guide to Payments Tokenization - ACI Worldwide
  32. MDES Token Connect - Mastercard Developers
  33. Mastercard, TSYS and Extend Launch Mobile Virtual Card Solution ...
  34. In Control for Commercial Payments - Mastercard Developers
  35. How virtual credit cards enhance security and control - Extend
  36. EMV® Payment Tokenisation - EMVCo
  37. [PDF] use-case-for-issuers-enabling-in-control-for-commercial-payments ...
  38. How to Use Visa Alias Directory
  39. [PDF] Visa® Account Updater for Merchants
  40. A Deep Dive into Tokenized Transactions | Visa
  41. SafeKey & Online Safety: Card Authentication | Amex US
  42. [PDF] american express safekey
  43. EMV® Payment Tokenisation: What, Why and How - EMVCo
  44. What is a virtual credit card number and how do I use one?
  45. More card issuers offering virtual card numbers to cut fraud risk
  46. Eno, your Capital One assistant
  47. Using virtual credit cards | Capital One Help Center
  48. Virtual Cards: Single-Use & Reusable Digital Payments - J.P. Morgan
  49. What is a Virtual Credit Card and How Does It Work? | J.P. Morgan
  50. Google Pay TM Frequently Asked Questions - Wells Fargo
  51. Guide to digital wallets | Wells Fargo
  52. Evolution of virtual credit and debit cards (part 1) - Digital Bytes
  53. [PDF] US Payments Security Evolution and Strategic Road Map | Mastercard
  54. [PDF] Tokenisation Service Guide - Thredd Documentation Portal
  55. [PDF] Virtual Cards: The Future of B2B Payments | American Express
  56. How to simplify B2B payments without disrupting your supply chain
  57. AI‑Driven Payment Card Innovations for Banks - Boost Security
  58. Virtual Crypto Cards: The Future of Spending in White Label Wallets
  59. NFT Trading Cards: A Digital Revolution in Collectibles | Koinly
  60. E-Commerce Sales Surged During the Pandemic
  61. EU PSD3 Rules and the Future of Virtual Cards - Buvei
  62. PSD3: Everything you need to know - Adyen
  63. 7 Best Privacy.com Alternatives in 2025 - Ramp
  64. The 5 Best Corporate Credit Cards for Startups in 2025 - Zeni AI
  65. Top 7 Brex Alternatives in 2025 - Navan
  66. Top Virtual Credit Cards Companies & How to Compare Them (2025)
  67. Virtual Cards Market Size, Growth Report & Share Analysis | 2025
  68. Why Galileo Leads the Digital Issuance Industry in 2025
  69. Top 3 Virtual Cards for Online Shopping in 2025 - WooshPay
  70. Virtual Credit Card Statistics 2025: Adoption Rates, Market Growth
  71. 2025 AFP Digital Payments Survey: Key Highlights - J.P. Morgan
  72. Mitigate Payments Fraud With Virtual Cards - Citizens Bank
  73. Blockchain in cross-border payments: a complete 2025 guide - BVNK
  74. Emerging Virtual Card Innovations for 2025 - Buvei
  75. Bank of America Archives - Page 9 of 11 - Finovate
  76. 5 Things You Should Know About Virtual Credit Cards - PCMag
  77. Bank of America Discontinues 'ShopSafe' Virtual Credit Card Numbers
  78. Why did PayPal discontinue their one-time credit card numbers?
  79. paypal, inc. - SEC.gov
  80. Re: PayPal virtual debit card - does it still exist and where do I find it?
  81. Three start-ups have a novel solution to online fraud: numbers used ...
  82. Virtual (one-time) card number expiration period
  83. Why did American Express discontinue their one-time use virtual ...
  84. Does using your credit card online make you nervous?
  85. Why don't more banks offer virtual card numbers if they're safer?
  86. One-click payments by 2030 with tokenization - Mastercard
  87. We (Really) Can't Stop Talking About Tokenization: A 2025 Update
  88. Achieving secure and seamless online payment experiences ...
  89. The top 7 costs of standing still with banking technology | Lumin Digital
  90. Mastercard is modernizing commercial payments with embedded ...
  91. How virtual cards can simplify commercial payments - Mastercard
  92. https://www.pymnts.com/credit-cards/2024/visa-unveils-new-push-to-wallet-virtual-card-solutions
  93. Changes to Citi's Virtual Account Numbers (VAN)
  94. Best Virtual Cards for Digital Content Subscriptions
  95. How to Use Virtual Credit Cards: A Comprehensive Guide for Businesses
  96. If You Pay for Subscriptions, You Need a Virtual Card. Here’s Why
  97. Credit cards: The recurring charges even banks can't seem to stop
  98. Virtual Credit Cards: Acceptance and Networks
  99. Virtual Credit Card: What It Is and When to Use One
  100. If You Pay for Subscriptions, You Need a Virtual Card. Here's Why
  101. Virtual Credit Cards for Online Shopping
  102. Privacy.com Virtual Cards – Secure, Temporary Cards
  103. Where Can I Use a Virtual Credit Card? Your Guide to Secure Online Payments
  104. Using virtual credit cards | Capital One Help Center
  105. Virtual Card Processing: What Sellers Must Know About Accepting Virtual Credit Cards
  106. Using virtual credit cards | Capital One Help Center
  107. Websites Virtual Cards Can’t Pay For: Understanding Restricted MCCs in 2026
User Avatar
No comments yet.