by chx 2427 days ago
This is a solved problem, really, some banks are less keen on implementing it: generate single use / single purpose credit card numbers in your ebank / mobile app. Leaks are totally useless. Also, more than a decade ago already many European banks were sending a text SMS above a threshold and only approved on a positive reply. Today you'd likely offer sending a push notification.

You have 16 digits on a Visa/MasterCard, the first six are the bank identifier and the last is a checksum digit thus you have 9 digits to "waste" -- and you can recycle them.

4 comments

Bank of America has discontinued their ShopSafe system for single-use credit cards. Citibank seems to still have their virtual credit card system, but it requires Flash. Are any banks currently embracing it?

The impression I've gotten is that since most of the costs of fraud are on the bank, rather than the cardholder, there's not much incentive for the cardholder to go through the trouble of using single-use cards. And so it's a better investment for the bank to develop good fraud detection algorithms.

In my anecdotal experience, the fraud detection has gotten really good. Every time in the past decade that someone's gotten hold of my credit card number, the bank's caught it nearly immediately.

Also, since they now just text you, they can make the algorithm more stringent.

I've had BoA fraud detection ping me about a monthly rent check before, so I'm not sure it's really good.

Specifically, in the EU the new Payment Services Directive 2 requires two-factor authentication on online payments. Banks and issuers do not budge, as merchants pay most of the fraud cost, so government and regulators need to intervene.

Funnily enough PayPal and Stripe were lobbying against this "harming of consumer experience."

Single purpose cards only work for details used for securing online transactions. Many compromised cards come from breached small business POS terminals.

Active confirmation of purchases would be great if it were available, but I'm not aware of any US card issuers that allow you to opt in to such a service.

Can they handle monthly subscriptions?

I learned about privacy.com here on HN and it has been very helpful for me. You can create virtual cards for single-use or recurring payments. Each card can only be used by one vendor. You also set a max amount.

Exactly, some implementations can even lock it to a single "message" (what you see on the credit card statement) so that it can't be used for a different purchase. Needs cooperation from the merchant not to put the subscription date in the message but otherwise, it's not exactly rocket science.
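
An added example, not part of the thread and not any bank's or privacy.com's code: a toy issuer-side model of the scheme discussed above, covering the number layout from the top post (6-digit bank prefix, 9 free digits, Luhn check digit) and the merchant lock, max amount and single-use versus recurring behaviour from the replies. The prefix `400000`, the `VirtualCardIssuer` class, the decline strings and the merchant names are all constructed for illustration.

```python
import secrets

BIN = "400000"  # constructed 6-digit issuer prefix, illustration only

def luhn_check_digit(payload: str) -> str:
    """Digit that makes payload + digit pass the Luhn test."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:  # these positions are the doubled ones once the check digit is appended
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(pan: str) -> bool:
    return pan.isdigit() and luhn_check_digit(pan[:-1]) == pan[-1]

class VirtualCardIssuer:
    """Hypothetical issuer: each number is bound to one merchant and a max amount."""

    def __init__(self):
        self.cards = {}  # pan -> {"merchant", "limit", "single_use", "used"}

    def issue(self, merchant: str, limit_cents: int, single_use: bool = True) -> str:
        while True:
            account = f"{secrets.randbelow(10**9):09d}"  # the 9 free digits
            pan = BIN + account + luhn_check_digit(BIN + account)
            if pan not in self.cards:  # no two live cards share a number
                break
        self.cards[pan] = {"merchant": merchant, "limit": limit_cents,
                           "single_use": single_use, "used": False}
        return pan

    def authorize(self, pan: str, merchant: str, amount_cents: int) -> str:
        if not luhn_valid(pan):
            return "DECLINE: bad checksum"
        card = self.cards.get(pan)
        if card is None:
            return "DECLINE: unknown card"
        if card["merchant"] != merchant:  # a leaked number is useless elsewhere
            return "DECLINE: merchant mismatch"
        if amount_cents > card["limit"]:
            return "DECLINE: over limit"
        if card["single_use"] and card["used"]:
            return "DECLINE: already used"
        card["used"] = True
        return "APPROVE"
```

A recurring subscription is the `single_use=False` case: the number stays valid for repeat charges but only for the bound merchant and up to the set amount.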