
Privacy – Forget Your Credit Card - doomrobo
https://privacy.com/
======
ac29
In case anyone didn't catch what this actually costs, the answer is: 1.5-2%,
which is the rate you could get cash back (or airline miles/etc) with good
credit.

Because this service draws directly from your bank account, and takes what
would otherwise be your rewards from the credit card fees their banking
partners charge, it provides a nice business model for them at the cost of you
getting 0% rewards back. Not worth it, in my opinion.

~~~
AznHisoka
In the footer it also says its accepted everywhere Visa debit cards are, NOT
credit cards. That's a huge caveat because debit cards aren't as universally
accepted as credit cards.

~~~
loeg
You can pretty much universally run a debit card as a credit card. It's the
other way around that's expensive.

~~~
dcosson
A merchant can choose to decline prepaid debit cards, e.g. here's how the
braintree api exposes it[0]. I assume that's what this shows up as.

[0]
[https://developers.braintreepayments.com/reference/response/...](https://developers.braintreepayments.com/reference/response/credit-
card/ruby#prepaid)

~~~
akhatri_aus
A prepaid debit card is different from a plain old 'debit card'. The debit
card is accepted everywhere a credit card is (as long as it says Visa or
Mastercard on it).

In fact a few places accept debit cards but do not accept credit cards as fees
with debit cards can be lower.

There's just a handful of subscription merchants that don't take prepaid debit
cards.

~~~
URSpider94
The problem comes with things like hotels and car rentals. For example, I'm
staying in a hotel tonight, and they just authorized my credit card for $200
more than the nightly rate to cover incidentals (the notice came to my
iPhone). If that were a debit card (or Privacy), they would have to pull the
full amount from my checking account right away, and it could be days or weeks
until they put it back. Since it's a credit card, they'll release the hold
when the final bill comes through in a day or two, and I'll never know the
difference.

~~~
akhatri_aus
You can put a hold on a debit card too without pulling the entire amount (they
run an authorisation and release it immediately) I've used it to rent cars and
hotel rooms, they do a check but the amount isn't 'blocked' off. In effect
your statement looks just like a credit card.. There's absolutely no
difference except with a credit card it's a borrowed balance.

I'm not too aware of how cards are in the US but generally in Europe &
Australia (afaik) they're this way. Do cheque cards have mastercard/visa on
them in the US (What about maestro/electron)?

~~~
URSpider94
US merchants don't do this. Most of the ones who take a deposit (hotels, car
rental) have signs at the counter warning that they may put a substantial hold
on your cash if you use a debit card, which won't be released for quite a
while.

You are right -- if the card is bank-issued, then they can simply place a hold
and release it without money flowing. With Privacy, it would seem they will
need to actually pull the cash to be able to ensure that its there when the
final charge comes through. Curious to see how this plays out.

~~~
fluxquanta
>US merchants don't do this. Most of the ones who take a deposit (hotels, car
rental) have signs at the counter warning that they may put a substantial hold
on your cash if you use a debit card, which won't be released for quite a
while.

My company used to send us on work related trips which were paid for in
advance, but relied on us to provide our own cards at the hotels for
incidentals. After a few (presumably less financially stable) employees used
debit cards with low balances to check into hotels (effectively leaving them
with no money during their stay), this policy changed so now the company
credit card is used for hotel check-ins.

I personally hate the new policy because I have good credit and like getting
room service, and for some reason I find it kind of emasculating that I'm not
allowed to use my own card.

------
boling11
Hey HN - Privacy.com co-founder here. I'm really excited to share what we've
been working on for the past year and a half or so.

We've been neck-deep in payments stuff on the card issuing side (getting a BIN
sponsor, ACH origination, etc), so happy to answer any questions on that front
as well.

P.S. For new users, your first $5 donation to watsi.org is on us :)

~~~
wfunction
I had a general question about card numbers.

Say there are 3E9 people on Earth, each with 3 cards. That's around 10 digits
right there. There's 1 digit for checksum. I imagine you'd want to leave space
for least 1000 financial institutions around the world, so that's another 4
digits. Which means you can only have 100 transactions per person.

None of this takes into account the fact that the same people are issued way
more than 3 card numbers either.

So my question is, how are we not close to running out of card numbers? How is
this not even a problem yet?

~~~
driverdan
> Say there are 3E9 people on Earth, each with 3 cards.

You vastly overestimate the number of people with credit cards.

~~~
scrollaway
It averages out. The people who do have credit cards are issued far, far more
than 3 numbers in their lifetime due to cards expiring/being cancelled,
promotional offers etc. I myself have had something like 10-15 different card
numbers in the past 10 years, without actually trying.

------
tedmiston
My biggest question with Privacy, and of any one-time use credit card numbers
service, is always:

Will it affect my rewards? Will businesses still show up unaffected with the
same categories on my credit card statement? (I have a travel rewards only
card, so breaking the rewards flow is a deal-breaker for using a higher level
service.)

Edit: I misunderstood the service as being able to be layered on top of normal
credit cards. It looks like the funding source is only bank accounts for now.
Still my question remains if building on credit or debit cards is on the
roadmap.

Edit 2: They are one-time use numbers, right? "Use at merchants" (plural)
seems to possibly imply otherwise.

> What happens when I generate a new Privacy card?

> We'll give you a random 16-digit Visa card number that you can use at
> merchants that accept Visa debit cards...

Edit 3: It sounds like the business model results in keeping the money that
would go to rewards on a normal card.

> How do you make money?

> Every time you spend using a Privacy card, the merchant or website pays a
> fee (called interchange) to Visa and the issuing bank. This fee is shared
> with us. We have some premium features planned, but rest assured, our core
> virtual card product will always be free and we will never sell your
> personal data.

~~~
cubano
Don't you see that rewards tracking is actually the antithesis of this
service?

That's what those "free" rewards really are...getting more detailed
information on your spending patterns and profile so they can resell that info
to interested parties.

~~~
superuser2
Not particularly, though it may factor in. Rewards are primarily a kickback
from the company's ~3% cut.

~~~
pcooney10
Yea +1 to that. Transaction fees are where card issuers profit the most, the
rewards are just a share of their take.

------
soneca
Is that something that new? My bank (Itaú, in Brazil) offers this option for
some time now.

Here(in portuguese): [https://www.itau.com.br/cartoes/cartao-
virtual/](https://www.itau.com.br/cartoes/cartao-virtual/)

Or am I missing something?

Edit: They launched it in 2002:
[http://exame2.com.br/mobile/tecnologia/noticias/itau-
agora-t...](http://exame2.com.br/mobile/tecnologia/noticias/itau-agora-tem-
cartao-virtual-m0075912)

Edit2: Sounds new in the US. This is not supposed to be a bragging/snarky
comment. Just genuinely surprised as innovation usually come the other way
around, from US to Brazil. So Congrats on the launch! Good job, sounds tough
to launch it not being a Bank!

~~~
ajkjk
I've never heard of anything like this in the US. So I think it is new here,
at least.

~~~
gervase
A few credit card companies offered this in the mid-2000s (Providian and Citi,
possibly more), but it seems to have fallen out of favor in the intervening
time. I liked to have it as an option, so I'm glad it's making a comeback.

------
drglitch
Both citi and bankofamerica (and I believe so, but didn't personally use,
Wells Fargo) offered this service for free on their CC accounts in mid to late
2000s.

You could set limits per number, have it lock to just single merchant, etc.
pretty nifty when paying some wacky merchant online.

All have since shuttered the service because pretty much every CC comes with
purchase protection that you can invoke to charge the vendor back in case of
something going wrong.

Virtual CCs provide very limited utility in my mind - because the place you're
likely to have your CC swiped - a bar or a cab - are still going to use only
the legacy plastic version.

~~~
ikeboy
This is incorrect. I've used the citi offering recently.

Abine.com also has such a service.

~~~
JoblessWonder
Yeah, Citi for sure still offers this product. And I still use it for vendors
I don't use regularly.

------
mirimir
It's an interesting idea. However, I'm not comfortable with a third party
having all that information. Some banks issue "corporate" cards, with numerous
"employee" cards. I already trust the bank, after all. So what else does
Privacy.com provide that's worth the risk? They're still subject to KYC,
right? So there's no strong privacy. Or am I missing something?

~~~
boling11
We are still subject to US AML / KYC laws. But the cool thing about these
cards is you can use any name or billing info you want with them, so don't
have to worry about your info getting leaked if some website you bought an
indie game / song / whatever from 6 months ago got hacked.

~~~
mirimir
OK, so that would have protected Ashley Madison users. Because none of the
likely interested parties (partners, private investigators, etc) would have
leverage to get information from you. Same for users buying porn, unless they
get investigated for child porn. That's not a KYC issue, but there will be a
subpoena. And I'm assuming that you must comply with all subpoenas.

Edit: I wonder what your burden would be in bankruptcy cases.

~~~
boling11
Ashley Madison and porn users are easy targets. But broadly-speaking, we just
think you just shouldn't have to share your personal info with a random
merchant you want to buy something from.

It's anti-privacy in the guise of being anti-fraud.

Yes, we do have to comply with subpoenas.

~~~
mirimir
Yes, I totally agree.

Still, users arguably need to trust you more than they trust traditional
credit card companies. But it's about the same as PayPal, I guess. They often
_do_ have access to users' bank accounts.

So anyway, I get the point. It's a useful service.

------
zgubi
@boling11, why does privacy.com need access to my online banking on an ongoing
basis, after the initial signup is finished?

I have changed my online banking password after signing up successfully, and I
received an email complaining that "Our connection to your bank is broken".

I can understand the need for initially providing my banking credentials for
AML/KYC reasons, but I feel uncomfortable with your company continuing to use
those after the initial check.

Why can't you just use the routing/account numbers for ACH after the initial
signup?

~~~
boling11
We don't actually store your credentials. We work with Plaid.com, and take a
token which we can use to pull balance information. This allows us to fund a
transaction in real time and take on the risk of ACH. When you change your
credentials, that token gets reset.

If we took routing / account numbers, you'd have to preload your account and
wait up to 3 business days. It's something we're definitely looking into
though as well though.

~~~
ouroborus
Paypal handles these kinds of transactions just fine without preloading and
without needing my bank account's username and password. In addition, banks
typically tell you to never hand out those credentials even to their own
employees.

------
__d
I understand why you need it, and I want this service in a big way, but I'm
just baulking at giving you my online banking username and password. Why
should I trust you with that?

~~~
Raphmedia
We already trust mint.com with this information. I don't see the big issue.

~~~
sp332
Not everyone does. And anyway it's owned by Intuit which has a much longer
track record than this new company, so it's not the same thing.

~~~
nommm-nommm
This Intuit? [http://krebsonsecurity.com/2015/02/turbotaxs-anti-fraud-
effo...](http://krebsonsecurity.com/2015/02/turbotaxs-anti-fraud-efforts-
under-scrutiny/)

~~~
ryanlol
How's that article relevant? It's the typical Krebs "IRS sucks" piece with
some intuit mixed in, because apparently even fraudsters - doing potentially
hundreds of filings a day - think that turbotax is the most convenient way of
filing _your_ taxes.

------
orf
> Privacy is PCI-DSS compliant. We are held to the same rigorous security
> standards as your bank.

I always giggle when I see that.

~~~
chucksmash
There's a relevant (and pretty funny) ServerFault question from 2011 I'm
immediately reminded of:

"Our Security Auditor Is An Idiot. How Do I Give Him The Information He
Wants?" [http://serverfault.com/questions/293217/our-security-
auditor...](http://serverfault.com/questions/293217/our-security-auditor-is-
an-idiot-how-do-i-give-him-the-information-he-wants)

~~~
pixard
Wow that was a interesting read, to say the least. Thanks for the link!

------
nommm-nommm
"Never forget the cancel one of those pesky 30 day free trials."

This is very misleading to say the least. Not paying for a service doesn't
cancel a service. If they tried to bill your card and the card was rejected
that doesn't mean the service is cancelled.

~~~
callumlocke
The point is they can't charge you again. I'm struggling to see what you are
getting at here.

~~~
nommm-nommm
They may be able to still bill you and you may be legally obligated to pay,
you are just taking away their way of automatically collecting the bill. You
may still actually owe the bill; just because you didn't pay a bill doesn't
mean you don't owe the money.

All this depends on the company, what you signed up for, if it was a contract,
the TOS, etc, etc, etc.

For a real silly example to illustrate - lets say I signed up for Comcast and
gave them a single use credit card number for automatic bill pay. When the
second month comes around they attempt to charge my credit card and the card
is declined. That doesn't mean I suddenly don't have to pay my Comcast bill,
it just means they can't collect it automatically. Comcast will take a few
months to cut off service[1] so you'll end up owing them several hundred
dollars. Eventually if you don't pay they could send you to collections.
Collections can take you to court and then when they win they can garish your
wages, etc, etc.

Yes, I know this is a silly example and its unlikely to happen with the
majority of "free trial" services on the net but that doesn't mean its
responsible to basically advertise "yeah, just give any company a temporary
number for a free trial and forget about it." Especially since a lot of
services with a free trial are with companies that have a lot of resources.

A less silly example would be if I signed up for a gym with a two year
agreement and a year later I canceled my credit card and stopped going to the
gym. In that case the odds of me being billed further and sent to collections
is very very high.

[1] they do that around here, I know someone who only pays their Comcast bill
every 4 months or so...

~~~
reviseddamage
The mitigation they are referring to is the deceptive recurring billing fraud.

------
nommm-nommm
So what happens when I have to return something and they put the money back on
the card I used to purchase it?

~~~
boling11
The refund will go directly back to your original funding account.

~~~
nommm-nommm
How does this work if the number is temporary? Is there a time limit for a
refund?

------
gwintrob
Great company name. How'd you get the domain?

------
drglitch
Quick question to founder lurking here - if you're advertising yourself as a
credit card and yet you do not extend credit (and use bank account as funding
source) aren't you misadvetising? If it's just a virtual debit card, you are
likely providing far less protection to consumer than a credit card would.

------
mkhalil
I'm in love. Seriously, been waiting for this for soooo long. And the fact
that the website supports two factor auth + is SUPER easy to use makes this a
double whammy!!! :)

I've been a customer for about 5 minutes, have used it twice, and am already
going to recommend it.

edit: I'm quite aware that this has been possible, but both banks/credit cards
that I have make me jump through tons of ugly UI and clicks to make it happen.

~~~
ikeboy
Have you tried [https://abine.com/](https://abine.com/) ?

------
habosa
This is one of those things I have wanted to make so many times and I assumed
it would either be technically impossible (card numbers not actually a huge
number space) or it would just get marked as fraud.

Excited to see someone giving it a try.

~~~
bluecmd
Obligatory country smug. We have had this in Sweden for at least 5 years,
possibly a decade.

~~~
nommm-nommm
Plenty of US companies either currently offer this service or have offered it
in the past. This isn't exactly a new concept.

These services aren't usually very popular.

------
jjallen
Wish they explained this better:

"Please ensure this information is accurate. We're required to __verify this
information against public records __. But don 't worry, we'll keep it
private."

I suppose I'm legally opening a bank account, which has similar requested info
as this, but are they checking my credit (probably not, I know, but it makes
me uncomfortable)? Will wait a while.

~~~
boling11
You're right the language here should be better. FWIW, you're not opening a
bank account and we aren't pulling a credit check (per our FAQ). We cross
check the information as part of our AML / KYC policy.

~~~
jjallen
What are those? EDIT: Probably some money laundering stuff?

~~~
__d
Anti Money Laundering / Know Your Customer

------
electic
I signed up for this. Sadly, it is not what I thought it was and the website
does not make it very clear. Basically, this is for online purchases only. To
make matters a bit worse, it wants to connect to your real bank account.

What we need here is a physical credit card that I can use in the real-world
that has a new number on each swipe. Most of my historical fraud has happened
because I probably swiped my card at a location that was compromised.

Just my two cents.

~~~
BukhariH
If you use Apple Pay then that's exactly what you get. A unique credit card
number is generated per transaction and passed to the merchant.

Not only is it more secure but it also helps protect your privacy against
retailers that use your card number to track your purchases across their
brands.

~~~
noamsml
Apple Pay uses the same token for many transactions. It's not unique per tap.

------
jcrawfordor
I accept that disabling JavaScript is generally a losing battle, but it
specifically irks me when the website of a privacy-centric service is just
completely blank if you don't have JavaScript enabled. Of all 30 people out
there browsing without JavaScript, it seems like they have an elevated chance
of all wanting to learn about this service, and I find myself moderately
discouraged from trying it by this issue.

~~~
boling11
You're right. We should've done a better job with this. It was a trade-off and
we decided against, but we should done a better job communicating it.
Hopefully you can enable Javascript for us and give it a shot :).

------
cemregr
The email you send to verify the bank comes off as SUPER shady. It reads
exactly like a phishing email. It doesn't talk about which site / bank I'm
using. Might be worth fixing.

From: Account Management Team <account.management@acctmanagement.com>

....

Thank you for being a valued customer.

Sincerely, Online Banking Team

~~~
boling11
So the crazy thing is that's actually an email from your bank :E. We have no
control over the formatting of that email.

------
film42
This is super close to the product that I really really really want. The only
thing that's missing for me, is that this requires a checking or savings
account. When I purchase something with my credit card (most things), it's
because I want the rewards program points. With this, I don't get that. If I
can't pay with my credit card, then I'm losing money (~$300/yr).

I really want a product that let's me proxy my credit card (and change it when
I get a new card). I want a firewall for my credit card.

------
tome
How do they not run out of numbers? According to this random image I found on
the internet, each bank has a space of one billion card numbers. If you have
ten million customers, say you're going to run out of these very quickly.

[http://www.financetwitter.com/wp-
content/uploads/2014/08/Cra...](http://www.financetwitter.com/wp-
content/uploads/2014/08/Cracking-Credit-Card-Numbers-MasterCard.jpg)

~~~
usaphp
Can you have a same number as somebody else but with a different expiration
date, csv number and/or cardholder's name?

------
mindslight
I like this, especially the repudiating of the privacy-hostile billing
name/address voodoo. But I'd worry about forgoing the traditional protection
of credit card chargebacks, and having to rely on debit card terms and direct
ACH.

~~~
boling11
We make chargebacks just as easy. There's a button you can click next to the
transaction that will initiate the dispute process - we'll deposit the funds
back in your primary funding account and follow up with you, then resolve with
the merchant. You're also covered under Visa's zero liability policy.

~~~
mindslight
Sure, but an unauthorized charge is a clear cut case. I'm talking about an
authorized charge from a merchant who is later uncooperative for whatever
reason. I would think that a longstanding credit card company would have a
more account-holder-friendly dispute process, but perhaps this is just a
perception you have to overcome. Furthermore with a credit card one never
loses the money until they decide to transfer it, regardless of company
policies.

------
dogma1138
Mastercard has this service in quite a few countries, the downside is that
usually they do not offer the same insurance as for the normal cerdit card and
those cards will not pass an actual credit check. Other issuers, banks, and
other organizations (post office for example) also offered similar services.

I never really liked these services they don't really support recurring
payments, some of them force you to purchase a card with a specific amount
rather than it being valid for a specific transaction, some times they have
issues with various 3d party checks (pre-paid card check, region lock/address
verification, fraud etc.) and more importantly it's not an elegant solution as
you end up with allot of credit card numbers.

Overall while this one might have a nice UX it doesn't really solve a problem
that hasn't already been solved either through Paypal or trough your own
credit card company. I can see all payments on my Amex and Visa cards in the
UK, I can check which ones are recurring, I can initiate a charge back and for
everything else well there's paypal which offers even an easier UX.

~~~
tacostakohashi
The reason this doesn't solve a problem is because it's an attempted
technological solution to a non-technological problem.

If you're going to do business with someone, a certain amount of trust is
required, and there isn't any working around that with technology. If you
don't trust a vendor to refrain from stealing your credit card information,
how can you trust them to actually deliver the goods, not spit in your food,
honor the warranty, etc, etc? Alternatively, if you do trust them to do those
things, trusting them with your credit card number isn't much of a leap,
especially given that banks are actually incredibly efficient at identifying
and dealing with fraud, if not preventing it outright.

~~~
dogma1138
Well it does solve a small technical problem, trusting vendors is hard Sony,
Target etc. are "trustworthy" but still got nicked and the credit card data of
millions of customers was compromised. But that's not a problem most consumers
have to deal with, their credit cards are insured, debit is a different story
but in the US at least the amount of debit transactions is still fairly
limited.

The biggest issue i see with this is that this isn't the most sustainable
business model credit card costs are balanced more or less by the trust that
the issuers has in the credit card holder (your credit limit, interest etc.)
and the trust the acquirer has in you when you perform a transaction, prepaid
cards are more or less notoriously untrusted by both because the issuer
basically thinks you are too much of a liability to give you credit and the
acquirer doesn't know who you are because that card has no credit history and
single use cards are much more often abused for illicit purposes.

------
cordite
The stop subscriptions aspect really stood out to me, I had to spend 40
minutes on the phone with that darn company to get things canceled, even
though I only used it for one day for an hour.

~~~
sp332
It's important to remember that just cancelling a payment method doesn't
necessarily mean you're unsubscribed. If you're still getting a service,
you're still on the hook for paying for it one way or another.

~~~
The_Magistrate
If this is true, then Privacy.com doesn't resolve this obligation. The
temporary card number won't be chargeable by the merchant, but you'd still be
on the hook for the renewed (and unpaid) service.

~~~
mindslight
It certainly changes the burden of notification. A company can setup many
hoops for canceling, forcing you to go through some asinine phone tree and
drone script to stop charges to your card. Whereas lacking an established
payment channel, they can no longer play dumb if you eg send them a simple
email to cancel.

~~~
doomrobo
I think this is one of the best aspects of the product. The power is shifted
to the customer.

------
fuzzywalrus
I'm not sure if I'm ready to hand over personal details to Privacy, there's
not much assurance other than "We'll never sell your data to anyone".

Does privacy.com see where I make all my purchases? Is there a collection of
my metadata? What assurances do I have that you take personal privacy
seriously?

------
r1ch
Any way this works without a browser extension? I'm assuming such an extension
has full access to every single page in order to do its job, which is a huge
security risk. You don't need to be reading my emails or passwords.

~~~
boling11
It does :), you can create directly from your dashboard without an extension.
The current onboarding flow pushes you towards creating a card first, but
we'll patch that.

~~~
r1ch
Good to hear! Bring this to Europe and I can see it being very popular, credit
cards aren't as common or easy to get here and ordering outside of your local
country often requires one. I imagine that's still a long way away though :).

~~~
thesimon
Credit cards are hard to get in Europe? If you are talking about cards with
credit line, sure, but debit/prepaid cards are pretty easy to get (e.g.
Number26, Monese, Revolut, Fidor etc).

~~~
nextos
How about virtual one-use ones?

~~~
thesimon
Sorry for the late reply. Maybe check out Entropay, they are 4.95% though.
Some airline booking sites even provide a discount when paying with one.

------
rgbrgb
Is this Final without a physical card?

[https://getfinal.com/](https://getfinal.com/)

~~~
elithrar
It looks like that to me. I loved Final's ad (done by Sandwich Video) but
they've been in "closed beta" for a long while.

~~~
arfrank
We're still hard at work, working on getting it in consumers hands shortly.

~~~
elithrar
Great to hear (I'd love to test; coming from Australia, the lack of chip+PIN
here is worrisome! Final would cure a lot of that for me)

------
iamleppert
It looks like funding is done via ACH. Does your business operate a credit
operation as well to handle the risk of spending money and unable to complete
the ACH transaction?

I've always wondered about the business side of that...where does the money
come from, how is individual debt handled. Do you operate collections? How do
you do this without requiring a credit check? etc..

------
Swizec
At first I was really really excited. This is something I've wanted for months
if not years.

Then they asked for my bank username and password.

~~~
n42
Yes, I really don't understand how this could not act as a sort of .. load
balancer .. for my credit/debit cards. Why does it need to login to my bank
account? This seems entirely unreasonable.

------
bluejekyll
A problem I experienced with temporary card numbers is when you need that
credit card number again to refund back a purchase if it was needed (out of
stock, wrong thing, returns, etc).

I remember having a lot of trouble with the vendor because of this, so I
stopped using them. Does this deal with that in some way?

~~~
boling11
Yup - you can grab old numbers from your dashboard or iOS app (coming soon
pending approval).

------
URSpider94
I think people are over-thinking this offering a little too much. People who
are asking if the company will resist a subpoena, or if all customer data will
be irreversibly encrypted, are expecting too much.

The main purposes of this product are to be able to mask your marketing data
(name, address, phone) to businesses, and to mitigate damage in the event of a
data breach (any stolen card numbers are useless).

It's not going to prevent a government entity from subpoena'ing your records
and finding out what you've bought. Also, if you're buying anything that needs
to be, you know, shipped or emailed to you, you're kinda going to have to give
a valid address. Under the default settings, they also include the merchant
information in the feed back to your bank, so your bank still gets all of the
info on where you're shopping and what you're buying.

Finally, I am very skeptical of their claim about walking away from
subscriptions and trials. Sure, in theory, you make it much harder for vendors
to track you down, but by law, you're agreeing to pay for the company's
services when you accept their agreement, and if they do bother to subpoena
your information and come after you, if they find out that you presented them
with a fraudulent name, phone number and address, I don't expect that would go
well for you in court.

~~~
boling11
That's fair, if you're doing something illegal that may result in a subpoena,
this is not the product for you.

However, that doesn't mean what we're doing isn't meaningful. We just think
that you just shouldn't have to share your personal info with a random
merchant you want to buy something from.

This notion that passing along your billing info is going some how
substantially cutting down on fraud is ridiculous. It's anti-privacy in the
guise of being anti-fraud.

And yes, it's fair, if you skip out on a gym contract, you do risk getting
taken to collections. We're mostly talking more about the ticky tack,
deceptive recurring billing fraud. We can do better. We'll make the language
clearer on our home page.

~~~
rsync
"We just think that you just shouldn't have to share your personal info with a
random merchant you want to buy something from."

FWIW, this is, and has been, possible with regular credit cards for as long as
I've used them (20 years ?)

Nobody anywhere checks the name on a card. Nobody. Not amazon, not google, not
a small online retailer, not a large one. Nobody. Zero.

I made up a default fake name ten years ago and have used it consistently for
everything from DirecTV[1] to my daily-used Amazon account to magazine
subscriptions.

Yes, of course they have an address (not my home, but an address I control)
and of course a global observer (or just my bank) can correlate and index
everything I purchase ... but not any of those vendors.

[1] Yes, this does indeed imply that I paid them the big up-front payment
instead of allowing them to do a credit check with my name and social. This is
a very rare downside, however.

~~~
matthewarkin
Only American Express offers name verification to merchants. When it comes to
address verification, only the numeric data gets checked. So for an address
"123 Main Street" would match "123 Bryant St" as well

------
mfkp
Very useful - my citibank credit card used to have a feature like this many
years ago (I believe called "virtual card numbers"), but they got rid of it
for some reason.

Though I am more likely to give my personal details to citibank than some
startup. Trust is a big issue with payment startups.

~~~
arfrank
Citi still has this functionality FYI, just tech that powers it hasn't
changed, so stuck with Flash or Windows EXE

------
speeder
I wish this was "country-agnostic"

I am from Brazil, and the government sometimes censor online stores, or is
just an ass...

Also many stores have some sort of licensing agreement that exclusive Brazil,
sometimes with no other way to get some stuff, for example there is a series
of books that I can't legally obtain copies of them after Barnes e Noble
closed Fictionwise, anyone on my country wanting one of those books must
pirate it (they are digital only, and the stores that sell them are mostly US-
only, and a bunch even check your IP or insert DRM that checks your IP).

If this payment service could hid someone country, I am very sure that in some
countries piracy would drop a bit.

------
makmanalp
So, my bank in Turkey (Garanti) offered this more than a decade ago - you
could make "virtual" cards to use on online transactions, and load them up
with the specific amount of money.

This way you didn't need to worry about card numbers being stolen because they
were easy to cancel and also didn't have any money in them.

Other cool stuff they did back then: online banking actually had features, and
had a 2 factor keyfob. And they had a way where you could SMS people money by
sending them a password protected one time code that they could go to any
garanti ATM and withdraw cash.

Why are banks in the US so far behind?

~~~
azinman2
Banks in the US have it (like Bank of America). It's not as good a tech-
execution -- no chrome extension w/auto-fill.

------
lolobkk
Privacy.com This site uses a weak security configuration (SHA-1 signatures),
so your connection may not be private.

They not even using a secure signature for their SSL Cert and they want to be
your trusted payment proxy?

------
dcosson
> Never forget to cancel one of those pesky "30 day free trials."

This seems like a bad idea, I'm surprised they're advertising it. I'm pretty
sure not being able to charge your card doesn't let you out of a contract
you've signed.

I looked into this because I was too lazy to cancel a gym membership once.
There are a lot of stories online of a gym sending someone's account to
collections because they thought they didn't have to actually cancel it since
the credit card expired.

The product still seems useful for one-time purchases though.

------
plugnburn
In Ukraine, Fidobank offers "Shtuka" (Штука, translated as "piece" or in
jargon "thousand") debit cards that are attached to MoneXY account that is in
turn attached to mobile number only. And since prepaid cellular service is
mostly anonymous here, you can actually have as many anonymous accounts as you
can for about 60 UAH (a bit more than 2 USD) each. And still these are
physical MasterCards you can put into your pocket, accepted at any supermarket
and also suitable for online transactions.

------
pavs
I use netteller, that does something similar, called virtual cards. Can create
multiple cards and assign funds to each virtual card. Its not as smoothly done
as this one, but same thing.

------
jeena
My bank in Sweden offers this automatically when you use their website. Not
with as a nice UX as this, it is a popup with a flash app in it, but still
good enough to be very usable.

[https://translate.google.com/translate?hl=sv&sl=sv&tl=en&u=h...](https://translate.google.com/translate?hl=sv&sl=sv&tl=en&u=https%3A%2F%2Fwww.swedbank.se%2Fprivat%2Fkort-
och-betalningar%2Fkort%2Flogga-in-e-kort%2Findex.htm)

------
prohor
Does it work if I live outside US?

~~~
incarnate
Check the "Other" section of their FAQ:
[https://privacy.com/faq](https://privacy.com/faq)

"We're only available in the United States at the moment."

~~~
a3_nm
It would be better if this were more clearly visible, especially to non-US
IPs. I don't want to create an account to discover that the service only works
in one specific country and with a specific list of banks.

------
avar
I've been curious as to why the following strategy wouldn't work as a hack as
well:

* Your credit card has a balance of $0 on it

* You have some app that allows $NAME to deduct $X from it

* You transfer $X to it earmarked for $NAME for some limited amount of time.

I.e. you could walk into Starbucks, have an app on your phone to say you're
depositing $20 into an account earmarked for /starbucks/i for 30 minutes.

~~~
JoblessWonder
One issue would be that the merchant name doesn't always line up nicely to
where you are. For example, a local Burger King shows up as something like,
"Hidden Rocks, LLC" instead of "Burger King" or even
"HiddenRocksLLC/BurgerKing."

~~~
avar
The assumption here is that if this were to catch on as a security mechanism
the establishment you're in would clearly advertise their merchant name, or
you could at least ask for it.

It wouldn't take that many customers to ask before the guy behind the counter
at "Corner Cafe Market" would be able to give you "Culinary Drinkware Inc." as
their merchant name offhand.

------
panabee
in the USA there are about 160M people with credit cards. for a preliminary
model, let's assume 10% value privacy or have enough transactions where
privacy trumps rewards/protections. assuming the startup captures 50% of this
market, that yields 8M users. if the average user spends $1000 per year on
private transactions -- this card won't replace all CC transactions, only the
ones where privacy trumps rewards/protections -- and the company earns 2% per
transaction, the company generates $160M in revenue under these assumptions.
obviously the key variables are (a) 8M users and (b) $1000 annual spend.

to size the whole market, look at all 2015 credit + debit purchases and ask
yourself what percentage of those would have been made private if some
solution made things simple and easy enough. 1%? 5%? 10%?

the potential for private purchases seems promising, esp if they (or someone
else) can expand the market by making private purchasing as easy as private
browsing.

------
efader
Oh the irony, a bank that offers a burner like credit card numbers and
pretends to not know the aggregate transactions using the guise of privacy

LOL

------
darksim905
Whoever works on this & put it together / posted this. Thank you. I just
recently learned a while back that paypal had something similar but
discontinued it. Whatever you have to do to keep this service running & any
help you need in spreading the word, I'm willing to help out. This is needed
badly for those who are privacy conscious.

Thank you :-)

------
elchief
Looks cool.

Supports TOTP 2FA, HSTS, nosniff, CSP, x-frame-options, xss-protection

A+ ssllabs rating

A securityheaders rating

Some issues:

Some user enumeration issues. I emailed security@privacy.com but it doesn't
exist...resent to questions@

I don't like how they ask for your bank's login username and password. I don't
feel comfortable giving them that. There must be another way.

Should confirm email address before you can login

------
coryfklein
Shouldn't this service be marketed to credit card companies instead of credit
card users? If I get a fraudulent charge on my credit card I can just dispute
it and have it removed. What value do I get with privacy.com that I don't
already have that is worth the extra fees I have to pay?

------
DanBlake
There is a few of these services and they all look awesome. The issue has
always been for me that I value my points/miles more than I value the
convenience of not worrying about my credit card # being stolen. If I could do
this with my SPG card, I would be all over it.

------
jdc0589
damn. I've been wanting a service like this for a very long time. Not just for
privacy of security, but hopefully so that if my banking or real credit card
information changes I could just go to one place to make all my updates.

Looking forward to seeing how it looks.

------
greenspot
Still my email used for every transaction will connect the dots. So where is
the point?

Awesome domain btw.

------
robotcookies
Doesn't this just shift who gets your information from the credit card company
to the company running this?

If it's only intended to prevent identity fraud or data theft, then it's
really 'security' more than 'privacy'.

------
rilez7
It would be great if this + other fintech services catered to overseas
markets. It's understandable why they don't, but as an expat/nomad,
centralizing your banking is a huge pain point. This cohort is only going to
grow.

------
Cartwright2
Is it possible to create and verify a PayPal account against one of these
cards? This would allow users to have pseudonymous PayPal accounts. It always
bothers me when I go to make a donation that I have to give my real name.

------
llamataboot
Wondering what the $2k a month spending limit is about? That seems too low to
switch all spending to Privacy, but seems like a lot of mental overhead to
figure out what I want to use Privacy for and what I don't...

------
nikolay
PayPal had this and killed it - stupid PayPal! Bank of America has this.
Discover has this, too. CitiBank has it, too. I really hate not being able to
get cash back with Privacy.com so I won't probably use it.

------
eiopa
ACH only :(

I want to use this, but I don't want to give you full access to my bank
account.

------
leemailll
Citi offers this feature, but not sure whether it is for all their credit
cards

------
llamataboot
Here are the list of banks currently supported, to save you a click or two:

Bank of America Capital One 360 Charles Schwab Chase Citibank Fidelity Navy
Federal Credit Union PNC Bank US Bank USAA Bank SunTrust TD Bank Wells Fargo

------
guico
This exists in Portugal for at least 10 years (in Portuguese):
[https://www.mbnet.pt/#compras](https://www.mbnet.pt/#compras)

------
nodesocket
This is awesome, and something I've been thinking about a while. A few
concerns though:

$2,000 a month spending limit is too low.

Concern about transactions being declined because they flagged as pre-paid.

------
hotpockets
Would there be any way for merchants to accept your cards only? And, hopefully
have fees closer to ACH rates, since that seems to be what you are using?

------
leonaves
Love the idea, but I just wanted to shout out the logo. Best logo concept I've
ever seen, and the whole branding looks great anyway. Brilliant work.

------
DavideNL
So instead of giving my data to the companies i buy products from, i'm now
giving my data to privacy.com, who then sells it to (unknown) companies?

------
husamia
I like the fact that they have 2x factor authentication

~~~
husamia
I've been looking for this for years ever since paypal stopped their plugin. I
hope you stay on for the long run!

------
tedmiston
Any plans to make a physical card? Basically the multiple virtual card service
you have now but in one card I can use in person, like Coin.

------
dawhizkid
Tested on a few websites and immediately blocked.

------
phantom_oracle
Which are the supported financial institutions? Your website has no
information about this at all, even after digging through it.

------
agotterer
How does privacy.com ensure you have the funds to pay for the transaction? How
do they deal with chargebacks and disputes?

------
ginkgotree
Hey! Such a great idea! Any chance you guys will work with Amex soon? I use my
Platinum and Delta cards for everything.

~~~
boling11
Unfortunately it probably won't happen for awhile :(. We're a free service,
and make money off the interchange from issuing these cards. Amex and high
points cards are really expensive to accept funding from.

~~~
ginkgotree
Got it. Would it help you to know I'd be willing to pay for something like
this for all of my cards? That may be a good freemium model to explore.

~~~
boling11
That is great to know! If we do add support for credit cards, it would
probably be as a sort of premium feature.

------
justplay
My bank also provide this type of virtual credit card, but it is useless. It
doesn't work, i tried in paypal.

------
o_____________o
"Sorry, no compatible accounts were found. Only checking/savings accounts are
compatible."

Inaccurate error, FYI.

~~~
boling11
Can you ping me - bo@privacy.com? Thanks!

------
strange_quark
So I should give Privacy my bank account information in the name of
"security"? No thanks.

------
secresearch
This is an interesting idea. Citi offers something similar, but this seems a
lot more convenient.

------
chris_wot
Is this for only U.S. customers?

~~~
boling11
Yes, unfortunately for the time being :(.

~~~
egeozcan
Could you please tell this on your homepage and maybe even add a "send me
_one_ email when this is available in my country" form?

------
hdjeieejdj
the issues I have with this are:

1) only for online purchases and limited use case- how many times do I make a
purchase online that's not on Amazon, or where I'm not using PayPal?

2) new chip cards already do this for in store purchases

3) loss of travel/reward points

------
AznHisoka
What payer name and address does the retailer see when the transaction goes
through?

------
juli3n
The is something named e-carte in France, and that is directly powered by
banks :)

------
jopython
This feature is offered by BoA. I am still their customer because of this.

------
pcarolan
Good idea. Good marketing, even if not new, this needs to happen.

------
sandra_saltlake
All the virtual card providers seem to suck on this front.

------
StartAppAchill
logged in, authenticated with my bank, got the code, then nothing. Would not
accept my code. Could not move forward.

------
subliminalpanda
Are extensions for other browsers planned?

~~~
boling11
Yup! We have plans for Firefox (April) and Safari (TBD).

~~~
subliminalpanda
Thanks!

------
AJAlabs
Some banks like Citibank do this as well.

------
homero
Not using it without ach verification

------
kozikow
Any plans to support UK cards?

------
kidsthesedays
why virtual card numbers aren't worth it:
[http://www.mybanktracker.com/news/why-virtual-credit-card-
nu...](http://www.mybanktracker.com/news/why-virtual-credit-card-numbers-
arent-worth-it)

------
chris_va
How are disputes settled?

------
StartAppAchill
logged, asdfasf

------
mtgx
_> STEP TWO When you check out on any website, the Privacy icon will appear in
the card form. Click it to create a new card, and auto-fill the card form. Use
any name and billing address you like.

> STEP THREE After the card is charged, we withdraw the money from your chosen
> funding account, similar to a debit card._

Not sure I get this. Do you have to fund an account on Privacy.com? So it's
like a Paypal where you generate a new payer name every time you pay for some
other service with it?

 _> Sensitive information is encrypted using a split-key encryption with
partial keys held by separate employees, meaning no one can decrypt your data;
not even us._

Umm. Pretty sure that giving your employees the ability to decrypt my data
means that "you" can decrypt it.

~~~
boling11
Yep that's right, you'll need an account with Privacy.com, and you can use any
name or billing address when you spend using a Privacy Visa Card.

Touche, thanks for bringing that up. Updating the language.

~~~
tempestn
According to your other answers and the website, they don't need to "fund an
account on privacy.com". Rather, they connect it to an existing bank account.

------
serge2k
Finally, a card for my dial up needs!

Really though, isn't something like the apple pay system a better way? You
don't risk getting flagged as a prepaid card and reject, you aren't giving out
your data.

