Skip to main contentSkip to main content
You have permission to edit this article.
Kiplinger’s Personal Finance

Kiplinger's Personal Finance: A disguise for your credit card number

  • 0

You should consider several layers of protection.

Protecting your credit card information from fraudsters is a job with many layers.

It’s a good idea to check your credit report and bank statements frequently, and you can prevent someone from applying for credit in your name by freezing your credit records.

(When you place a credit freeze on your credit reports, new creditors can’t review them to determine whether you’re eligible for a credit card or loan — and in turn, lenders are unlikely to grant credit to fraudsters posing as you. When you need to shop for credit, you can temporarily lift the freeze.)

For extra protection, you may want to start disguising your actual credit card number with a virtual number — especially if you plan to do most of your shopping online this holiday season.

Most Capital One and select Citi cards, as well as mobile wallets from Apple, Google and Samsung, offer this feature, which randomly generates virtual numbers that are linked to your credit card.

Capital One cardholders can protect online transactions by downloading and installing the browser extension Eno. When you are on a merchant’s checkout page, the extension pops up, you sign into your Capital One account, and Eno generates a merchant-specific virtual credit card number. (The numbers expire in five years.)

Citi members must log in to their credit card account and opt in to use a virtual credit card number. An update rolling out by the end of this year will let users generate one virtual number for multiple merchants.

Mobile-wallet users have the advantage of being able to create virtual credit card numbers to use in-store as well as online.

For example, Apple Pay stores a “token,” or a device-specific account number, that acts as a stand-in for your actual credit card number once you add the card to the mobile wallet.

This token is encrypted and stored on the device. At checkout, Apple Pay will send the token information and a transaction-specific security code to the merchant, who relays it to the payment network, where it’s verified against the stored information. Google Pay and Samsung Pay work more or less the same way.

Keep in mind that because the merchant doesn’t have your actual card number, it’s important to keep a record of your receipt in case you need to make a return.

Send questions to Visit for more on this and similar money topics.


Related to this story

Most Popular

Get up-to-the-minute news sent straight to your device.


Breaking News