Recently, some credit card companies have introduced limited-use credit card numbers—for example, American Express’s single-use card numbers and Visa’s gift cards. Such limited-use credit cards limit the exposure of a traditional long-term credit card number, particularly in Internet transactions. These offerings employ an on-line solution, in that a credit card holder must interact with the credit card issuer in order to derive a limited-use token. In this paper, we describe a method for cryptographic off-line generation of limited-use credit card numbers. This has several advantages over the on-line schemes, and it has applications to calling cards as well. We show that there are several trade-offs between security and maintaining the current infrastructure.
|Original language||English (US)|
|Number of pages||14|
|Journal||Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)|
|State||Published - 2002|
All Science Journal Classification (ASJC) codes
- Theoretical Computer Science
- Computer Science(all)