
Privacy API: Programmable Payments - doomrobo
https://developer.privacy.com
======
mholt
Privacy is awesome - one of the few services I highly recommend to anyone who
makes purchases or pays bills online. Slick interface, product just works
(except once when I pre-ordered something from Best Buy and that's because
Best Buy had a very weird authorization flow that did two charges, instead of
an auth + charge) -- and the benefits are great. Best of all, merchants cover
the costs, so it's totally free as a consumer (edit: meaning, no monthly fees,
etc -- of course merchants have to cover their card processing costs still).
Their support is great, too.

I do wish their referral or spending perks were a little more enticing but the
privacy benefits are still great overall.

Will be thinking about how I can effectively use the API...

EDIT: Woah, this is REALLY cool:

> Similar to the transaction event, auth stream decisioning will allow your
> system to dynamically approve and decline authorizations.

[https://developer.privacy.com/docs#auth-stream](https://developer.privacy.com/docs#auth-stream)

I smell a two-factor purchase flow in my future... (edit again: maybe not)

~~~
doomrobo
> I smell a two-factor purchase flow in my future

Unfortunately I don't think that'll be possible. The docs say that there's a
2000ms cap on the auth stream response time. I don't think that's likely to be
raised significantly, since I'm pretty sure their card network backend has a
similar requirement.

~~~
mholt
Darn -- I saw that but was hoping that's just a limit imposed by Privacy that
could be lifted, perhaps in 2FA scenarios -- but if it's network-enforced, I
guess that rules that out.

------
boling11
Hey HN! One of the founders here. We're really excited to share this today.
It's just a start, but this is something we’ve wanted to release for a long
time now :).

We believe that data portability and an open ecosystem will be table stakes
for all fintech companies. You should have granular, differential control of
your data. You should be able to grant access to specific functions or aspects
of your financial account without wholesale sharing your account login
information. You should be able to verify your identity without sharing other
personal information.

We ultimately intend for this API to be full read / write capable, including
the ability to read transaction data, set rules programmatically, verify
identity, create & manage virtual numbers, and transfer funds.

That said, security is core to what we do at Privacy.com and this extends to
our API. We want to empower people to build applications on top of our API
that delight users, without compromising their privacy or security. We would
really value your feedback as a user, developer, or information security
professional!

~~~
politician
It looks like Privacy.com is built on top of Plaid.com for handling the
backend ACH processing. Plaid.com exposes a ton of personal information to its
customers like Income, Assets, and Employment Verification. What is the scope
of your engagement with Plaid?

Do you recommend that users should protect themselves from Plaid.com personal
data harvesting by setting up a secondary checking account to use with
Privacy.com that is trickle-fed from a primary checking account?

~~~
boling11
Hi there! We use Plaid for instant bank account verification and for balance
information (to ensure we don't accidentally trigger an overdraft). We don't
utilize the Income / Assets / Employment APIs. We don't use them for ACH - We
build our own NACHA files in house.

Plaid itself takes user privacy really seriously (part of the reason why we're
working with them). They don't resell any of your sensitive data.

A secondary checking account is A-Ok with us. Many of our users do this. The
only thing I would say is to be careful to use a bank that doesn't assess
overdraft fees. We also are allowing micro-deposits for our more
security-conscious users on a limited basis (drop me a line at bo@privacy.com
and I'll set you up). Lastly, card top-ups are something we're also looking
hard at.

As you can tell, unfortunately there isn't a perfect solution yet - we're
trying to be a part of that solution.

~~~
politician
Thanks for the details. This service is very interesting. Are these cards
funded on a prepaid basis (micro-deposits?), or are the ACH withdrawals
performed after the fact?

~~~
boling11
They’re performed after the fact.

------
throwaway2016a
This seems to be consumer oriented but I can see some definite business use
cases.

Giving employees card numbers for instance and limiting what they can use it
for. I know plenty of CEOs of small businesses that have their credit card
copied down by at least a half dozen employees. Then if there is an unexpected
charge there is no way to see who it was.

I can also see using this to automatically fill out my expense reports for me.
Or make sure I don't forget to fill it out.

~~~
corobo
Just in case this doesn't swing that way, I've had my eye on pleo.io for a
while for that purpose if that helps any

------
cocacola1
I've been using Privacy for a few years now; pretty satisfied with it.

~~~
kingbirdy
Would you mind giving a few examples of use cases you've found for it? Looks
interesting, but I'm not sure what I'd actually do with it

~~~
igetspam
I use it for everything.

I have unique/monthly limit cards:

  * My kid's swim class has a unique card.
  * Wife's phone (set up before Google started rejecting their cards)
  * Cable bill
  * Netflix
  * Personal AWS bill
  * Gymboree
  * Monthly self-storage

Recently closed one-time cards:

  * Online grocery order
  * Delivery food order (leave some padding for tip)
  * Online clothing retailers
  * Charitable donations paid via CC
  * Tickets to DisneyWorld
  * Every penny that goes through PayPal because I don't trust them for a second

Literally, anything that we pay for over the phone or online.

One place I'm especially happy to have it is my vet. They're really bad at
billing. They've double billed me twice. Now I keep a dead card on file (they
want a card) and give them a new one with a hard limit every time I have to
pay a bill. No more double billing and I can see when they're screwing up.

~~~
_eht
Do you have any information on why Google would block these CC numbers? I know
Google, and many others block VOIP phone numbers for example, to discourage
rampant account verification, but I can't think of why they would reject a
financial reference number.

~~~
kingbirdy
I imagine it's to stop people from connecting stolen cards to the service and
then generating a bunch of other card numbers that are essentially all stolen.
It could potentially allow them to use the stolen card more before it was
detected.

------
sjroot
This looks pretty cool. Does Privacy have any services besides the browser
plugins? That idea is similar to a couple past projects that didn't last, but
this looks very promising regardless.

Side note for Privacy's front-end people - minor scrolling issue:
[https://imgur.com/ic5I3hz](https://imgur.com/ic5I3hz)

~~~
leetbulb
I use the Android app as well. It saved me in a pinch a few days ago when I
had to pay for my doctor visit and was unable to find my bank card.

------
ikeboy
I used it for several months. I closed cards and they let transactions through
anyway. When I disputed them, they first ignored, claimed disputes wasn't
working when I asked for status updates, denied disputes, then closed my
accounts, and refused to refund the invalid charges.

I would not recommend them. Their marketing is dishonest, claiming that
transactions cannot go through if the card is closed, while in truth merchants
are able to "force post" debit transactions even when closed.

~~~
igetspam
Weird. That's the exact opposite of my experience. I've had a number of odd
rejections that led me to reach out to a couple vendors (hey Amazon, I'm
looking at you!) because there were small transactions attempted against
closed cards. I've had a few hiccups for things like creating multiple cards
to use with PayPal (there's an avenue for fraud there, apparently) but I've
been able to get those resolved quickly every time. I have nothing but good
things to say about their offering and it's nice to see they're opening a read
API (I'm hesitant about write keys).

My only complaint right now is that some vendors (Google specifically) reject
their card numbers because they're pre-paid and they've made a decision in the
last year or so to stop accepting them. I know for a fact this is a new thing
because I'm paying for a Fi account and a Google Music account using privacy
numbers. When they finally expire, I'll stop giving Google money altogether.

------
iM8t
Privacy.com is available only for the US. Anything similar available in
Europe?

~~~
chrisacky
[https://monzo.com/](https://monzo.com/) is UK, but you can't create virtual
cards. It's not really an equivalent product.

------
orliesaurus
I use privacy for all my Steam purchases, it's awesome! Thanks Bo!

------
social_quotient
What’s the monetization model for these guys? I’d normally think it was mining the
data but with the name privacy I’m hoping not.

Do they somehow get part of the merchant fee?

~~~
boling11
Yes, we take a portion of the merchant fee (similar to regular debit or credit
cards).

We don’t monetize by selling your data.

------
tombowditch
Any UK alternative for Privacy? :(

------
arisAlexis
or you just run a monero node and program against it for free :)

