it's practically trivial to bypass this if you really want to. CapitalOne in the US allows you to have virtual cards that can be verified but you can delete and block at any time for free if you have a credit card from them. I'm sure the practice discourages casuals from gaming trials, but it just feels like it's making life miserable for paying customers but doing almost nothing to stop bad actors
If you also ban virtual and pre-paid cards it cuts this to almost zero.
There is a difference, this rocket company is not really going to generate a new virtual card every time? You think their business bank account even supports that?
Considering it's a startup, high likelihood they are using something like Brex, which does support virtual card numbers.
Those types of card numbers are detectable though.
How? Based on issuer identification number?
As one example, Oracle Cloud's Free Tier sign-up prevents any type of virtual card.
I'm pretty sure it can be done via the IIN. Services like https://binlist.net/ provide a convenient solution to identify if it's a prepaid card.
They are detectable only if the issuer has a dedicated BIN for virtual cards. If they issue in the same BIN as your regular card, there's no way to detect without issuer cooperation, which would defeat the point.
> CapitalOne in the US allows you to have virtual cards
Anything recurring will not take a virtual card or gift card in the US.
I got burned on this a couple times until I figured it out.