My son had his first debit card for all of three months before the number got stolen and used for unauthorized purchases — to the tune of about $1,600. It’s happened to me at least three or four times. And based on a couple informal polls I ran, at least 75 percent ofreaders have experienced it at least once.
This sucks in all kinds of ways: It’s a pain having to call your credit card company, file a fraud report, make sure all the charges get reversed and then update the auto-pay information for any number of services. And it’s no fun for your credit card company because they often have to eat the losses, which in turn leads to higher fees, interest rates and so on for consumers.
Good news: There’s a tool that can help. Token is a free app that generates virtual credit card numbers so your primary number gets used less, thereby reducing the chances of fraud.
What’s a ‘token,’ anyway?
Allow me to clarify a few terms. Although Token is the name of the app/service, a traditional credit card or payment system “token” is actually a different animal. According to CreditCards.com industry analyst Ted Rossman, “Tokenization is a method of securely transmitting data behind the scenes, whereas a virtual card number is something a consumer asks for so that he/she doesn’t need to list his/her ‘real’ credit card number when making an online purchase.”
Ross notes that mobile payment systems like Apple Pay, Google Pay and Samsung Pay all use tokenization, as do chip-equipped credit cards. But, he adds, “Those cards don’t protect you online at all.” And the mobile pay options aren’t widely accepted online, at least for the moment.
A handful of credit card companies, including Citi and Capital One, already offer to generate virtual numbers, though I’m not sure if the process is quite as simple as it is with Token (see below).
But the advantage of the Token service we’re examining here is that it works with any existing accounts you already have. And it’s free to use. (The company earns a percentage of the overall transaction cost, the “interchange fee” associated with all credit card transactions.)
How Token works
You start by linking to one existing credit, debit or bank account. Then it generates a new credit card number — a “token” — you can use once or, if need be, more than once.
In fact, right out of the gate Token offers to provide you with tokens for things like Amazon and Netflix, the idea being that you’d swap that new number for the one you have on file. But you can also quickly generate a new token for anything, like something you’re buying online or ordering by phone.
Once you’ve set up a token, it will stay active by default, but you can temporarily freeze it if you like or delete it altogether. The freezing option is nice if you think you might need to recall that number later on, like to process a refund. Speaking of that, Token handles those automatically, with any refunds going directly to your linked payment account — even if the token is frozen.
All this happens via the Token app, but there’s a desktop plug-in coming soon for Google Chrome.
My biggest concern with using Token is the potential impact it has on your credit card’s cash back or rewards program. According to Yana Zaidiner, Token’s co-founder and COO, you’ll still earn points when making purchases via Token, but you may not get a multiplier.
For example, suppose you have a card that pays you 2 percent cash back on dining, 3 percent on travel and 1 percent on everything else. When you use Token, you’ll likely end up with just 1 percent on everything, because each purchase is recorded with Token as the merchant, and therefore not categorized as “dining” or “travel.”
Zaidiner said this is something the company plans to address in the future, and in fact Token will also suggest which card you should use to maximize your rewards. A physical Token card is in the works for later this year as well.
Token probably can’t eliminate 100 percent of fraud issues, but it can certainly help reduce them. There’s no cost to using the service, so it’s definitely worth a look.