Purchasing items on the Internet with credit cards is risky-due to the ease of gaining the information without having the physical card. The ease of phishing, spoofing, or other ways perpetrators can obtain a consumer's credit card information. The threat of identity theft is growing as we rely more and more on the Internet to make purchases. To mitigate risk, we present a new Multi-Layer Defense (MLD) model. Our proposed MLD model combines the strong two-factor authentication capabilities with a unique random code that is only valid for an active session. Essentially, two-factor authentication is an extra layer of security used in addition to username and password to better confirm the user's identity. This code serves as a private key to authenticate such online transactions. The code can be utilized to identify users and establish secure ways of purchasing items. The proposed MLD model uses devices to log into card accounts via an application to view a generated code. The generated code is inputted on an online retailer's website to authorize the use of the credit card. This minimizes the possibility of an illegitimate user gaining access to another individual's credit card. Without a valid code, impostors cannot use the stolen card information to make purchases that could harm the account holder. To show the practicality of our scheme, we provide one case study between a Consumer A and Consumer B that explains the difference in outcome by using the proposed MLD model.