A system for managing user accounts and controlling anonymous access to resources over data networks for a plurality of provider members in a manner to preserve the secrecy of the identity of a user who is in a home provider's user/customer base. The system includes a means for sharing non-identifying user information and charges among a plurality of service provider members, including a home provider and an outside provider, a means for enabling a user who is registered as a customer with the home provider to anonymously access the resources of the outside provider, a sharing means adapted to allow the system to permit the home provider to enable access by the user to the resources of the outside provider without requiring either personal identification or an open account for the user at the outside provider, and a verification means separate from the home provider adapted to allow the outside provider to determine the user's access privileges and criteria. The verification means may include a token and authentification server. The verification means preferably does not have access to personal identification information of the user. Preferably the verification server is separate from the provider members. In another aspect, the system includes means for enabling a user who is registered as a customer with the home provider to access the resources of the outside provider, while allowing the appearance that the resources are accessed directly from the home provider.