Digital credit card security transformation with Google

Capital One and Google have collaborated to enhance credit card security through Google Pay, allowing users to seamlessly use virtual cards on Chrome and Android. This partnership is a testament to Capital One's digital transformation, akin to seeing a mountain's full majesty after days of obscurity. Having fully embraced the public cloud and prioritized user-centric design, Capital One is pioneering in the space. Launching the virtual card feature in Google Chrome and Android is a significant milestone in this journey.

Capital One is the first U.S. bank to be all in on the public cloud, closing down our last data centers in 2020. This is just one recent step in our technology journey alongside our cultural transformation to adopt agile product management, our unwavering focus on the user experience by making design and user research as high of a priority as tech investment, and our data evolution to become a machine learning first company. These types of efforts on such grand terms are often scary, risk-prone, and you don't see the incremental benefits at each step.

That’s until one day when the “mountains are out", you see how it all adds up. With the virtual card feature built directly into Google Chrome and Android, the mountain of Capital One's digital transformation is peaking through the “clouds”. See what I did there?

A virtual card number is a randomly generated number from your credit card issuer that is linked to your credit card account. They allow you to shop online without giving stores your actual card number. Because virtual cards are tied back to the existing credit card account, customers accrue all the same card benefits or rewards, and the transactions appear on account statements as they normally would. Virtual cards make online shopping more convenient and more secure by letting customers pay for purchases in their browser or via a mobile phone app without sharing their actual credit card information with merchant websites and risking someone getting access to that info in the event of a hack or data breach. 

Capital One introduced virtual cards in 2017, surfaced via a browser extension, and they've been growing in popularity ever since.

When we first started this journey to virtual cards in 2017, we took a strategic bet. We started our tech transformation several years prior and after surveying the market solutions, we decided to build our own virtual card platform in-house and from the ground up. We felt this would be an innovation in the market to enable our customers to transform how they interacted with their credit cards from an analog concept to a truly digital experience. We knew this would become a new paradigm and more central to our business than many others were thinking about. So we took the bet, and built a peak in the clouds. We built the platform on highly resilient technology, with tremendous flexibility and performance potential. First enabled by our browser extension, virtual cards were then made available on our mobile app, our web apps, and now, through the collaboration with Google — Capital One credit cardholders can use virtual cards from Capital One quickly and easily on Chrome or Android anytime they're checking out at a merchant online. No extension is required, it just works when you need it, where you need it. 

However this is just one part of the mountain.

The next time you're shopping online on Chrome or on an Android, if you’ve added your Capital One card to Google Pay and enabled virtual cards, you'll see an option to use your Capital One virtual card where you're used to seeing your actual credit card numbers. You no longer have to get up to find your physical card to grab your CVV and expiration date. A virtual card is available at checkout and can be pre-filled with one click. To bring this to life, we were able to stand on the foundation of years of infrastructure enablement, which is Capital One at its heart. This enabled us to bring bank-level security, controls, and auditability to API development, while ensuring that we are bringing the fastest protocols to the table like gRPC to ensure transactions can be as optimized as possible. 

One of the amazing things about Capital One virtual cards is that they are designed as a ‘security first’ utility. Capital One creates virtual cards that are retrieved at the specific merchant checkout by Google –- and Google doesn't store or save the card info you're presenting to the merchant. We do this through machine learning models, which smartly identify an underlying merchant site or Android app, and ensure that the virtual card for that merchant only works for that merchant, thus reducing the risk for our customers. This machine learning model would not have been possible without the institutional and cultural transformation Capital One has gone through to build out the right tools, talent, and methods to bring things like this to market. 

Collaborating with Google allowed rapid innovation with strong enterprise resilience. The serverless technology in our API integration ensures scalability and lets our developers focus on performance, all while maintaining bank-grade security. This agility is a benefit of fully embracing the public cloud.

The last element of this journey that showed through in our collaboration with Google, was the collaboration itself. Capital One has undergone a real end-to-end workforce enablement transformation to ensure we can collaborate with the most modern technology partners in the industry. We started on this journey in 2012 when Capital One began to build our engineering capabilities in-house. Then, in 2013, we fully adopted modern agile practices at scale while also instilling the value of best-in-class UX design and product management. We have built an integrated Design, Product, Delivery, and Technology organization from the ground up to enable both craft and collaboration. Our solution was so well integrated with Google that it appeared to users to be a purpose-built, singular product, as opposed to a bolt-on to Google's services. This is a credit to the maturity of this cultural transformation we’ve been going through for almost a decade. It also goes without saying, this entire effort was designed, implemented, integrated, and deployed during a global pandemic where the Capital One and Google teams never actually met in person. Capital One’s investment in cloud SaaS-based productivity tools, long before the pandemic, like Google Workplaces, really paid off here.

Mountains always look like paintings from far away, even when you can see them. The trees blur together, the craggy rocks appear softer. Sometimes the clouds against the blue sky are indistinguishable from the snow-covered peaks. Looking at how Google and Capital One were was able to bring the security of virtual cards to as many consumers as possible, I can see the entire outline of the mountain. I am excited to see our collective team at the peak and help transform the world of digital credit card security.

Enrollment for virtual cards with Google Pay may not be available to all Capital One customers, depending on the types of accounts held. We are constantly working to expand virtual cards with Google Pay to more of our customers.

Virtual cards through Google Pay are currently available in Chrome for desktop computers (Mac, Windows, and Linux), Chrome for Android, and via merchant apps running in the Android OS. Additional availability may be added in the future, including Chrome for iOS.