MacInTouch Amazon link...
Channels
Apple, Security, Products


Unless I missed it upthread, I haven't seen a lot of discussion here about the rewards themselves on the Apple Card, which are decent, but not as good as some better options, if Apple purchases, the Apple branding, and iOS integration features are less important to you than what you actually earn by spending on it.

Here are some competitive cash-back alternatives with no annual fee:
  • Synchrony PayPal CashBack MasterCard: 2% back, no foreign transaction fee, no annual fee
  • Citi Double Cash: 2% back, no annual fee. Beware 2.7% foreign transaction fee.
Or with an annual fee for higher earning:
  • Alliant FCU Visa Signature: 2.5% back (3% first year), no foreign transaction fee, $99/year
  • Bank Of America Premium Rewards: If you have $100K in holdings at BofA, it earns 2.625%-3.5%, no foreign transaction fee, $95/year
The above can be supplemented with high earning "category" cash-back cards, if you don't mind using different cards for different purchases:
  • Barclay Uber: 4% on dining, 3% on airfare and hotels, no foreign transaction fee, no annual fee
  • Chase Amazon or Synchrony Amazon Store: If you have Prime, 5% back at Amazon and Whole Foods, no foreign transaction fee, no annual fee; 3% at Amazon for non-Prime (Synchrony version is a "store card," can't be used outside of Amazon)
  • Amex Blue Cash Preferred: 6% on groceries up to $6,000 spent per year; 3% on gas. $95/year. Beware 2.7% foreign transaction fee.
More specialty category high earners are here:

And if you don't mind a high annual fee and prefer your rewards to be used for air travel, especially business or first class, then you probably don't want cash back at all, but instead, cards that earn transferrable points, of which the best are a combo of Chase Sapphire Reserve + Chase Freedom Unlimited or combo of Amex Gold + Amex Everyday Preferred. Lesser but ok options are Citi Prestige or Capital One Venture.

(I write a foulmouthed blog on this topic.)
 


That may be less effective than you think. I once tried scrambling an 800K Mac floppy disk with a very large magnet. To my astonishment, it still worked.
While there is a kernel of truth to the "magnets erase magnetic media" belief, the critical element most people aren't aware of is that magnetic media is surprisingly resistant to static magnetic fields. (In technical terms, they exhibit high coercivity.)

On the other hand, strong alternating magnetic fields readily modify the magnetization in the medium. This effect is so pronounced that analog audio tape recorders (and probably digital ones, too?) use an AC "bias" signal, an ultrasonic signal sent to the tape head during recording along with the audio signal itself. The bias signal (which is strong enough to overcome the coercivity of the magnetic particles, but is itself too high frequency to be audible or indeed even to be written to the tape) in a sense "loosens" the magnetic particles' magnetic fields. The particles then readily magnetize to the comparatively weak incoming audio signal, and the audio recording is "locked in" as the tape moves away from the recording head.

The development of AC bias was a quantum leap in magnetic recording technology, and is what took audio recording from the low-fi era into hi-fi.
 


I found a major shortcoming of the card: It cannot handle my company account.

Here's the thing. When I check into a hotel, e.g., I give them my company credit card (Amex) instead of my personal Amex card, so that my company gets charged for the business expense. And Amex is paid via my company bank account.

When I tried to add my company's bank account to Apple card, it was denied. Goldman Sachs confirmed the issue and said:
If the corporate bank account is not under your name you won't be able to use it. At this time we currently don't support that feature. I'll be sure to document your feedback and get this over to my manager.
This is a major bummer for doing business with Apple Card. Every company card is registered with a company, unless your name is the company. Companies don't have Apple IDs, do they? Can't really take advantage of this card, especially for big ticket company items like iPads or Macs. Did Apple or Goldman Sachs think this through?
 


Unfortunately, the process of applying, acquiring, and even using the Apple Card is not ready for prime time. At least that's been the case for myself and my wife .

To begin... Like many others, I got an early access email from Apple saying that there might be an issue with my login info for iCloud. Not sure what that was about, but, in any case, my supposed early access never came about. So, when the card became broadly available early this week, I applied. The process seemed simple enough, but I got rejectly repeatedly for Goldman Sachs to verify identity. I checked all my [submitted data] again, and again got a rejection for identity confirmation. So I gave Apple a call and, after a few checks on the application from their end, they couldn't see any issues. However, the agent said that he'd seen this happen several times throughout the day, and it was a problem that Apple was aware of. Please try again the next day. So that's what I did.

Same result. But, this time, my application was denied because I had applied too many times. Another call, a transfer to a more experienced agent, finally they brought Goldman Sachs on the line. No answers came out of the call, other then try again next week. Frustrating? Yes. Logical? No. A credit worthiness issue? Not likely, since they don't have credit ratings any higher then our family's. I was frustrated. I wanted to get the card so I could use it on a purchase of a new computer for my wife as a birthday gift.

Next, I told my wife about my experience with applying for an Apple Card, and she thought she'd give it a try and just order the computer herself. Now, that's when the fun really began. I'll let my wife tell her tale...
I was forced to be a beta tester for the Apple Card support

I planned to buy a refurbished iMac via the online Apple store. Why not get 3% back? Friday afternoon I applied and got an Apple Card with an ample credit limit. The Apple website promotes purchasing with their new card at every turn. This should work, no problem.

Well… No.
The card was added to my iPhone’s Wallet. When checking out at Apple.com, I chose Apple pay and used the Apple card. I first had to make it my default Apple Pay payment card in the Wallet. All’s good, I got my confirmation email at 4pm.

At 6pm I got another email - "We're having a problem with your payment". - I needed to update my payment information.

I went to the order online, I thought maybe because the last four of my zip code differed between Billing and Delivery. Apple’s system auto filled my delivery zip and wouldn’t let me override their chosen zip code. I ended up calling Apple support, the number on the order page. During a 20 minute call, it was determined I must contact Goldman to resolve the decline. She connected me with someone at Goldman Sachs, who bruskley said they were closed and open M-F 9-5. It was determined I needed to call back Monday. That’s crazy! (Later I learned that was not the correct phone number for Apple Card support.)

Saturday morning I wake up to a notification of a charge pending for $184. I was confused and wanted to know what that was for. Through the Wallet app I “Reported an issue” as “unknown transaction” this takes you directly into a chat session with Apple. I had a very long chat that ended up me having to phone Apple Support to find out what the charge was for.

On the support call, after a transfer to an Apple online store specialist, we determined that the $184 charge must have been for the Apple Care portion of my iMac purchase. That mystery was solved (I was worried I somehow flipped on default payment of our Apple Family plan. My brother buys a LOT of iTunes movies.) This call took 37 minutes.

So after all this, I learned more about the card, how to see the card number, and on the last call how to find the phone number to go directly to Apple Card Specialists at Goldman Sachs. I call, they quickly answer but have to transfer me to someone how can verify my identity and clear up the issue with the card, after waiting on hold for awhile the rep said I could call back at 1pm and reach some one more quickly. Gee, no surprise they’re experiencing a high volume of calls.

I call back and within 9 minutes verify my identity by answering a lot of questions. I was able to retry my payment and it went through. The rep said “it is for a bigger amount and their system automatically flags it real quick”. Also, she’s surprised by the volume of people making large purchases on the Apple website. Seriously? Clearly they didn’t think this through — The Apple sales pitch is all over the Internet “Apple Card is Here | Created by Apple, Not a Bank‎ — Apply in minutes, use right away”. On Apple.com every item encourages you to apply for the Apple Card and use it right away.

I thought because this appeared in my wallet on my iPhone, my identity was confirmed. Not so. And the initial Apple help did not know how to help me. (Granted, all the folks I spoke to were very polite, and tried to be helpful.)

Total - 5 phone calls (102 minutes total), and one chat very long session. Also, got fourteen automated emails from Apple saying “order change confirmation” which made no sense. This is not the experience I expect from Apple, and a high price to pay for 3% cash back.
Back to my tale.

I've been a regular Apple buyer from the very first day the Mac was announced. There's hardly a computer, iPod, iPad, iPhone, accessory or ianything that Apple has made since 1984 that I have not owned. It's fair to say that I've been a pretty satisfied customer as I keep coming back for more. But, for the record, the various issues with the roll-out of the Apple Card are, by far, the worst experience I've ever had with any Apple product. The card may be state-of-the-art when it comes to security but when it comes to acquiring and using it, it's far from ready.

I'm a designer and, from the card as product standpoint, these issues should have been easy to predict and resolve long before it was released. Remember when the first-gen iPhones came out, and Apple stepped in to replace the process of signing up for cell accounts, because the telco experience was so horrible? It was shockingly simple, fast and delightful. This was the opposite.

It's quite clear that there are serious flaws in the Apple Card system and the partner situation with Goldman Sachs. Clearly, there was nowhere near enough testing of the process and training/resouces for support staff. Goldman, the card issuer, only open 9-5 M-F for help, and surprised and unable to deal with all the large purchases at the Apple Store. Seriously?

Like the ridiculous issue of the physical card being damaged by keeping it in your jeans pocket, storing it in a leather wallet or stacking it together with other cards, you have to ask the obvious question: Did they even test this?

The Apple Card is not ready for prime time.
 


Total - 5 phone calls (102 minutes total), and one chat very long session. Also, got fourteen automated emails from Apple saying “order change confirmation” which made no sense. This is not the experience I expect from Apple, and a high price to pay for 3% cash back.
At my standard consulting rate, 102 minutes and one "very long" chat session would exceed the 3% cash back on a well-equipped iMac Pro or many/most configurations of the new Mac Pro. Throw in Apple's absurd warnings about protecting the physical card from damage or discoloration, and the Apple Card is a hard pass for me, which seems to be reflecting a pattern. It seems that, on balance, a more conventional credit card will be more reliable, at least until Apple gets beyond these growing pains.
 


It isn't just the patina. According to Gizmodo, it is up to the consumer how to handle this precious item, as it seems that normal use could impair the effectiveness of the Apple Card.
Every credit card has these exact same problems. Every one I've ever owned has eventually become discolored from my leather wallet. And their mag-stripes all abrade away over time as a result of being placed alongside other cards (for this reason alone, I'm glad the US is finally using EMV chips).

Apple may be the only company telling customers about this issue, but it's hardly unique to their product.
 


Apple may be the only company telling customers about this issue, but it's hardly unique to their product.
In a strange way, I think that lies at the heart of many of the complaints. Presumably, almost everyone who has had a credit card is familiar with the wear, tear, dirt, and damage that cards suffer over time.

Only Apple (and perhaps some of its customers) regards its cards with such narcissistic fervor that it feels the need to issue documentation on how to clean, carry, and store its cards.

It's just a little too precious, especially when Apple doesn't seem capable of adequately documenting things that actually need good documentation, like APFS.
 


I own a home in Oregon. I use that address for all my financial stuff: bank accounts, credit cards, investment accounts, etc. That's the address the credit agencies have on me. However, I spend very little time in the US. I don't have a US state driver's license or ID. My credit score is generally over 800.

When applying for the Apple Card I was asked to verify my identity by scanning a State driver's license or ID. Don't have one, so I tried a US passport and a US Global Entry ID card. Neither worked. I contacted both Apple and Goldman Sachs. Both said it's either a State ID or nothin'.

I guess I'm out of luck.
 



Ric Ford

MacInTouch
An electrically and RF-secure condom for the Apple Card so one does not get sc******* by the bad guys?
It may not be a significant problem...
Digital Trends said:
RFID-blocking products are practically worthless. Here’s why
... If you’re worried about identity theft or credit card fraud, you should be more concerned about other, verifiable crime that’s actually happening, like phishing scams. While there’s no harm in using an RFID-blocking product, it’s unlikely to help, and there’s no real need to spend money on them.

“Tin foil works just as well if not better than all of these-RFID blocking products,” Grimes said.
 


And an RFID-blocking wallet can also be an inconvenience. For instance, I usually leave the RFID card I use to ride the Metro in my wallet and just tap the wallet against the reader. It would definitely slow me down if I had to actually remove the card every time I use it.
 


(Disclaimer: I don't have any insider knowledge about Apple or Goldman Sachs.)

I think two of the problems discussed here are the result of either federal regulations on financial institutions or the current geographic restrictions on cardholders.

The inability to link business bank accounts could be due to anti-money laundering and Know Your Customer rules. Also, as we've seen in this thread, Goldman Sachs has many reasons to avoid public controversy as much as possible. So Goldman Sachs may be adhering to these rules as strictly as it can.

For the state ID requirement, it's probably a combination of Know Your Customer and the current embargo on non-US domiciled accounts. Apple and Goldman Sachs probably also don't want to get enmeshed in any cross-border regulatory problems right now. Financial services are tightly regulated worldwide, with the EU and the USA having major differences in particular.
 


Nevermind RFID blocking and card cloning. Worry about the perfectly legal tracking:
Washington Post said:
The spy in your wallet: Credit cards have a privacy problem
In a privacy experiment, we bought one banana with the new Apple Card — and another with the Amazon Prime Rewards Visa from Chase. Here’s who tracked, mined and shared our data.
... So who all can track, mine or share your transactions? Where does the Apple Card help? Let’s unravel the six kinds of companies that sold me out. It’s bananas.
I don't think I'll spoil anything in the article by telling you that they couldn't track what happened next, although they read a lot of policies and asked a lot of questions of companies such as Chase, Target, Verifone, Square, Visa, Mastercard and Google. Not one of those companies would give any sort of straight answer.

Also worth noting: Even if you have an Apple Card with the contractual limitations it places on Goldman Sachs, every other link in the chain is wide open to recording and reselling data:
  1. The card network
  2. The store
  3. The point-of-sale (POS) systems, such as Verifone and Square
  4. Mobile wallets such as Google Pay, Samsung Pay and Apple Pay
  5. Financial apps such as Mint. Oh, and Gmail, which adds any receipt that lands there into a purchase database you don't know about or get to see.
Apple Card sharply limits the issuing bank (Goldman Sachs) and Apple Wallet from seeing the data. That still leaves the card network, the store you buy from, the POS system that you use at the checkout, and maybe your email provider secretly scraping data, too.

Yuck.
 


One more link – if you'd like a more private credit card but aren't keen on Apple, that WaPo article mentions Privacy. It generates unique "virtual card" numbers for each online transaction.
 


One more link – if you'd like a more private credit card but aren't keen on Apple, that WaPo article mentions Privacy. It generates unique "virtual card" numbers for each online transaction.
Bank of America used to offer a similar service, but when I wanted to use it recently, it seemed to have vanished. Now they seem to have shifted their security to "Safe Pass", which sends one-time codes to mobile phones, and I can't find any way to generate virtual card numbers. That's useless for what I wanted to do, limiting companies I buy services from, charging automatic renewals. Am I missing something?
 


Had my credit cards scanned in my hip wallet as I walked through the Newark Airport crowds enroute to the UK New Year's day. By the time I landed, all cards we're compromised. Fortunately my UK based cards were carried elsewhere.

That was after having our new credit cards from Wells Fargo compromised internally before they were mailed as they were activated when they arrived (just two days before the trip above).
 


Bank of America used to offer a similar service, but when I wanted to use it recently, it seemed to have vanished. Now they seem to have shifted their security to "Safe Pass", which sends one-time codes to mobile phones, and I can't find any way to generate virtual card numbers. That's useless for what I wanted to do, limiting companies I buy services from, charging automatic renewals. Am I missing something?
You may be remembering BofA's 'ShopSafe' utility for creating virtual card numbers to use online. It still exists for everyday use. The new "Safe Pass" option seems targeted at high-value transactions such as real estate.

But 'ShopSafe' depends on a Flash app, which several banks standardized years ago and have not updated since. It's a clumsy app, and Flash is intrinsically insecure. So I'm migrating to the Apple Card, although privacy.com does look interesting.
 


I've been using virtual card numbers with my Citi card for years. You can specify the maximum dollar amount, as well as the expiration time (2 months or longer). It's great for online purchases, as well as a recurring payment for a service that you aren't planning to extend beyond the initial time period.
 


You may be remembering BofA's 'ShopSafe' utility for creating virtual card numbers to use online. It still exists for everyday use. The new "Safe Pass" option seems targeted at high-value transactions such as real estate.

But 'ShopSafe' depends on a Flash app, which several banks standardized years ago and have not updated since. It's a clumsy app, and Flash is intrinsically insecure. So I'm migrating to the Apple Card, although privacy.com does look interesting.
Thanks. Bank of America buries 'ShopSafe' pretty deeply. You have to log into your card account, click on the Information & Services tab, find the Features section, then click on the Use ShopSafe link before dealing with the request for Flash.
 


I'm a regular user of Privacy.com. It works great but it isn't a "credit" card. It uses the Visa network, but it works like an ATM card with a Visa logo. It must be linked to a bank account with adequate funds available, and as soon as you use it, the money comes out of your account. No monthly bill to pay. They have a cash-back program, but I haven't figured out how to use it. You need to enter a code to get cash back on purchases. I've never gotten any codes.

I've had my credit card number compromised several times by using it to pay monthly utility bills, and Privacy.com eliminates that. Each unique virtual card you create gets locked to the merchant that first uses it. There are several parameters you can set for each card: one-time use, monthly limits, etc. You can access it via the web or iOS (and I assume Android).
 


For discussion purposes, my personal security practices are based on a few core principles:
*Keep access to checking, savings, brokerage, and retirement account numbers severely limited.
  • Use credit cards, not debit cards, as much as possible.
  • As much as possible, keep highly sensitive information out of the cloud.
  • Be especially careful about providing financial information to startups and fintech companies not subject to federal and state direct regulation.
  • Compartmentalize storage, access, and communications for any accounts you want to protect.
  • Establish online accounts proactively when necessary, such as with Social Security or the IRS, to protect against a criminal opening an account in your name.
What does all this mean in practice? A decrease in convenience, of course, but a lot of things I do are pretty easy. For example,
  • It's possible to set up an iCloud account that is independent of your iDevices and Macs. Then, iCloud Mail allows up to three email aliases per account.
  • I've assigned each alias to a specific sensitive account. I never use the aliases for anything else. I don't ever reveal them publicly.
  • For 2FA that does not allow the use of an authenticator app or a physical token, I've set up a Google Voice account. The GV phone number is only used for these 2FA instances.
  • I try to avoid single points of security failure, such as Yodlee and cloud password storage.
  • If a company or website requires a phone number, I give out a landline number in most cases. I try to use my mobile phone number only for non-confidential stuff since SIM swapping has become prevalent.
 


Turns out the new Apple Card is 90% titanium and 10% aluminum. You just "knew" someone was going to try and find out its composition.
Bloomberg said:
How Much Titanium Is Really in the Titanium Apple Card?
But how much titanium? To find out, a Bloomberg Businessweek reporter sent his card to a mineralogist, University of California, Berkeley professor Hans-Rudolf Wenk. Professor Wenk used what’s known as a scanning electron microscope, or SEM device, to determine the card’s atomic makeup. He found that the answer is about 90%. The rest of the card is aluminum, according to the analysis.
 



Thanks. Bank of America buries 'ShopSafe' pretty deeply. You have to log into your card account, click on the Information & Services tab, find the Features section, then click on the Use ShopSafe link before dealing with the request for Flash.
BofA buried 'ShopSafe' deeply, and today BofA announced that as of 9/20 - two weeks from now - it's dead. No payments or creation of new numbers will be processed. This will deeply inconvenience all 83 users (approx).

As their email to me says, "Technology has come a long way since we launched ShopSafe". (Actually, BA inherited this Orbiscom technology when it acquired MBNA, but who's counting.). Now they recommend using the actual BofA card number, since they're confident in their security measures, or using a digital wallet.
 


As their email to me says, "Technology has come a long way since we launched ShopSafe". (Actually, BA inherited this Orbiscom technology when it acquired MBNA, but who's counting.). Now they recommend using the actual BofA card number, since they're confident in their security measures, or using a digital wallet.
It's been a year or two since I've had a BoA card compromised, but for many years before that I had BoA cards compromised so many times that I lost count. At least in theory, ShopSafe would be very useful if you had to make payments to companies you did not trust with your real card number because they may set it up for autorenewals you don't want.
 


Henry David Thoreau said, "This world is but a canvas to our imagination." This includes the Apple Card with the right tools. Unleash your imagination.
Nick Statt said:
The Apple Card was made to be defaced
Apple may be warning owners of its new titanium credit card against storing the card in leather wallets for fear it could tarnish its all-white finish, but the company may have inadvertently created the perfect canvas for savvy DIYers.

Twitter user Nick Wiegand clued us into this when he posted a picture this afternoon to Twitter and Instagram of his Apple Card after he sent it through a CNC machine, which is a computer-controlled machine tooling device. The result is an Apple Card emblazoned with the intricate decals found on the back of a Bicycle playing card.
 


It's been a year or two since I've had a BoA card compromised, but for many years before that I had BoA cards compromised so many times that I lost count. At least in theory, ShopSafe would be very useful if you had to make payments to companies you did not trust with your real card number because they may set it up for autorenewals you don't want.
I agree, and I've been one of those ~ 83 'ShopSafe' users for years.

The Apple Card provides a virtual number, but as noted by others, it's only a single number for all uses.

Wikipedia on 'Controlled Payment Number' is interesting but seems incomplete.

ShopSafe had to go, though: Flash officially dies next year.
 


ShopSafe had to go, though: Flash officially dies next year.
I used ShopSafe all the time. It was especially useful for subscriptions, e.g., Netflix; I'd create a "card" with a six month life and could control the maxium amount that could be charged in recurring payments. After the six months expired, I'd get a notice from a subscription that my card had expired. I'd either get a new card and renew the subscription or just let it die. The last time I got a Netflix notice, I just let it go. Now I get frequent email appeals to return.

One related surprise: I'd posted a "real" card to Consumer Reports online. The card expired, and I'd decided not to renew. Somehow CR managed to bill and collect the renewal without the new card's dates....

Always thought it was ironic that a "security feature" depended on one of the most insecure consumer products ever, Adobe Flash. I'd hoped Bank of America would update ShopSafe rather than drop it. Can't but imagine it saves fraud losses, or losses from websites that insecurely store payment info.

Today's email from Bank of America advising ShopSafe will end suggested I try a "digital wallet", which seems to be only avaiable on mobile, likely because of those "secure enclave" chips, though I'm dubious that most Android devices, back to Kit Kat 4.4, are safe enough. As a not-Samsung Android user, I'd have to install and use Google Pay or the PayPal application. I'd have to use my phone to shop and buy online, if I want the security advantage of sending a token instead of my real card number. That's far from a replacement for ShopSafe.

I've no delusion that Firefox, even with uBlock Origin, Firefox's own new anti-tracking features, and EFF's Privacy Badger, is truly private. But it has to be better than an Android phone app....
 


The Apple Card provides a virtual number, but as noted by others, it's only a single number for all uses.
I see a different number on each receipt every time I use it, so my card number is the same but the merchant sees a different number and cannot track my purchases.
 


I see a different number on each receipt every time I use it, so my card number is the same but the merchant sees a different number and cannot track my purchases.
I'm referring to the single virtual number one can manually enter for online purchases, seen in the Apple Wallet's info for the card. This number stays constant until you regenerate it. Of course it's not the card's actual number. This differs from purchases at the register where a new virtual number is made for each transaction.

I'm reminded of T.S.Eliot's poem The Naming of Cats. And pointers and references...
 



But really, does ShopSafe have to depend on Flash?
I can't imagine why it would. At its core, Flash is a runtime environment for software developed using Adobe's ActionScript language.

I can understand that there may be a great expense in rewriting an app in some other language, but ActionScript is similar enough to JavaScript (AS3 is a superset of ECMAScript) that porting the code shouldn't be too difficult. You might need to replace some Flash-specific classes with original code, but hopefully there shouldn't be a lot of that in an application like ShopSafe.

There are also systems like Apache Royale, which (as long as you avoid Flash-specific classes) can let you write the app once and compile it for both Flash and JavaScript.

Why wouldn't BofA port their app? Not for any technical reason. They probably decided that they didn't want to spend the money to actually port it.
 


But really, does ShopSafe have to depend on Flash? I think not. It seems other vendors provide similar services without Flash, like Citi Virtual Account Numbers to name one.
Actually, Citi's Virtual Account Numbers also relies on a Flash application. I imagine it's probably the same flash app that powered BoA's service. Capital One's Eno requires a browser extension. Why can't the banks just provide a simple web interface for generating numbers?
One related surprise: I'd posted a "real" card to Consumer Reports online. The card expired, and I'd decided not to renew. Somehow CR managed to bill and collect the renewal without the new card's dates....
It's called Visa Account Updater or Mastercard Automatic Billing Updater, and it allows merchants who have your card information on file for recurring billing/payments to receive updated card info from your bank when they issue you a new card. So, it's better to proactively cancel your recurring services properly rather than relying on expired payment info to make it stop.
At least in theory, ShopSafe would be very useful if you had to make payments to companies you did not trust with your real card number because they may set it up for autorenewals you don't want.
Now they recommend using the actual BofA card number, since they're confident in their security measures, or using a digital wallet.
What I really find useful with virtual card numbers is putting time and dollar limits on them, for certain types of transactions, and the banks' recommended replacements are no substitute for that.

One situation is where I have concerns about the company I'm buying something from. For example, I used both MoviePass and Sinemia over the past couple years but had severe misgivings about their business models. I used virtual account numbers with expiration dates of only a couple of months, and dollar limits of just a little bit more than the initial annual subscription I purchased, so that they would not be able to do any additional charges or service renewals without my express action (giving them new payment information). That turned out to be prescient, as both companies ran into financial trouble, and there were numerous reports of billing issues.

Another example I've used them for is small online companies or foreign companies where I want/need to buy something from them but have no previous experience with them. In both examples, while I'm always not liable for fraudulent charges, if I give them my real credit card info, that still allows unrestricted ability to make fraudulent charges in the future, whether the company is a bad actor or if the credit card info gets stolen. It's much easier to prevent a fraudulent charge from happening in the first place with time and dollar limits using virtual card numbers, rather than having to dispute a bad charge after the fact.

Another use case is, for example, trial subscriptions - you know, the kind where they say "free 2 week trial, but you have to provide your credit card info, and at the end of your trial, we'll automatically charge you for a subscription unless you cancel beforehand" - but I really only need it for that trial period? Virtual card numbers with a short validity period and a $1 limit are great for those . You don't have to worry about accidentally forgetting to cancel your trial, and the card info is useless to the company if they try to use it later or if it gets stolen later.
 


Why wouldn't BofA port their app? Not for any technical reason. They probably decided that they didn't want to spend the money to actually port it.
The big banks seem to be heavily pushing mobile banking and apps like Zelle. I cynically wonder ;-) if they prefer mobile banking because it discourages customers from balancing their bank accounts and discovering how much is being skimmed from their bank accounts by assorted service charges.
 



But really, does ShopSafe have to depend on Flash? I think not. It seems other vendors provide similar services without Flash, like Citi Virtual Account Numbers to name one.
I just tried generating a virtual account number for my Citi Double Cash Back card via the stated link, and the process required Flash. Drat.
Oops. Now I regret ignoring my first instinct, which was not to post a reply... Also regret that I assumed that no one else would use Flash for such a purpose. Sorry!
 


I'm referring to the single virtual number one can manually enter for online purchases, seen in the Apple Wallet's info for the card. This number stays constant until you regenerate it.
Is this true for [non-Apple] cards or only for banks that enable it? I am unable to find this number on my cards, all of which are from Chase. I'm using iOS 12.4.1.
 


One related surprise: I'd posted a "real" card to Consumer Reports online. The card expired, and I'd decided not to renew. Somehow CR managed to bill and collect the renewal without the new card's dates....
Some banks will allow new charges from companies that they know are subscription-based, even though an account is over-limit or even cancelled due to fraud (in which case, the charge is automatically sent to the new account), if the company has repeated charges in the past.
 


I recently switched alarm monitoring companies. My old company was being recalcitrant in closing my account (emails, voice mails, certified letter, etc.), so I called the bank (Citi) that issued the credit card that was being used for the monthly auto-debit. They told me that the security company was allowed to auto-debit my card as I had given them permission to do so. To my surprise, they refused to let me delete that permission. So, every month for the last two months, when the auto-debit for the old alarm monitoring company comes in, I have disputed the charge and had it reversed in my favor. I suppose one of us three will eventually become tired of doing this and will update their records. It won't be me.
 


Amazon disclaimer:
As an Amazon Associate I earn from qualifying purchases.

Latest posts