Capital One Virtual Cards could be perfect if they weren’t so dumb

Capital One has a nifty feature called virtual cards–these enable you to generate unique credit card numbers, expiration dates, and CVC codes that you can provide on an individual basis to each vendor you transact with (or at least the ones that will accept just a card number–not a physical card–like your online vendors).  You can have one virtual card for Amazon (ugh), another for Uber (ugh vomit), etc.  Each virtual card is associated with an actual physical card.

If Amazon suffers a data breach, then you only have to cancel the virtual card assigned to Amazon–at least that’s the way it should work.  But for some idiotic reason, Capital One will cancel your physical credit card whenever its associated virtual card is compromised–and it seems that you have to fight for them to not cancel all other virtual cards when one virtual card is compromised.

I’m not a IT security expert, but this makes no fuckin sense to me.  I attempted a purchase from a website using a virtual card on Sunday.  Turns out it was a scam site, and that one virtual card number was compromised.  The scammers had access neither to the physical card credentials nor any of the other virtual cards.  But instead of merely deleting my compromised virtual card, Capital One canceled my physical card, and I can’t use it or any of my virtual cards until the new physical card arrives.

Their own damn website (see link above) promises better:

This is the second time this has happened to me this year–it’s a total waste of time for Capital One customers, a complete waste of time for Capital One employees, and a demonstration of absolutely idiotic policy-making at Capital One.