Provided is a method of generating one-time code that can enable credit payment with improved security to be carried out by enabling one-time code to be generated in a such a way that the one-time code issued to a payment device cannot be inferred or expected by other persons. The method of generating one-time code, which is performed by a card company server providing one-time codes to payment devices when one-time codes are requested by the payment devices, the method, comprising steps of: allocating the payment devices to an index table according to an order of one-time codes being requested when the one-time codes are requested from the payment devices; obtaining digit strings from a one-time code table having one-time codes using target addresses non-sequentially provided in an index table; and generating the one-time codes including the digit strings and a Bank Identification Number (BIN) in a published state.