Hacker News new | past | comments | ask | show | jobs | submit login
Privacy – Forget Your Credit Card (privacy.com)
661 points by doomrobo on March 24, 2016 | hide | past | favorite | 359 comments

In case anyone didn't catch what this actually costs, the answer is: 1.5-2%, which is the rate you could get cash back (or airline miles/etc) with good credit.

Because this service draws directly from your bank account, and takes what would otherwise be your rewards from the credit card fees their banking partners charge, it provides a nice business model for them at the cost of you getting 0% rewards back. Not worth it, in my opinion.

Yea I'd agree with that. Was bummed this couldn't be set up with a credit card, and didn't bother asking after realizing it'd break their business model.

All online transactions are processed as credit - even if the card used is debit/prepaid debit - and the card issuer earns 1-3% for each transaction. Some of this fee is rebated back to people through cashback/travel rewards cards, but I am assuming Privacy & Customer's Bank will be using it to fund their business.

Pretty cool idea! And even cooler website!! Would be interesting to see some sort of loyalty/rewards program implemented, although that doesn't really jive with your anti-marketing pitch.

I'll be sticking with my credit cards for now. They're worth a lot more than their rewards, and it's a shame so many people choose to stick with debit...

They actually get one better. Whereas a credit card takes 1-3%, gives you 1-2%, makes $$ on various partnerships for redemption, sell your data for additional $$, and potentially charges you yearly, monthly, or interest fees. The CC ALSO extends you 1 month liquidity for free.

These guys directly debit you, so they have to float nothing, they have no fee on the ACH, and they keep the 1-3% merchant fee. That said... avoiding some of those earlier issues of fees and data selling, this seems kinda cool.

can you please elaborate on why they don't have to pay ACH fees?

In the footer it also says its accepted everywhere Visa debit cards are, NOT credit cards. That's a huge caveat because debit cards aren't as universally accepted as credit cards.

You can pretty much universally run a debit card as a credit card. It's the other way around that's expensive.

A merchant can choose to decline prepaid debit cards, e.g. here's how the braintree api exposes it[0]. I assume that's what this shows up as.

[0] https://developers.braintreepayments.com/reference/response/...

A prepaid debit card is different from a plain old 'debit card'. The debit card is accepted everywhere a credit card is (as long as it says Visa or Mastercard on it).

In fact a few places accept debit cards but do not accept credit cards as fees with debit cards can be lower.

There's just a handful of subscription merchants that don't take prepaid debit cards.

The problem comes with things like hotels and car rentals. For example, I'm staying in a hotel tonight, and they just authorized my credit card for $200 more than the nightly rate to cover incidentals (the notice came to my iPhone). If that were a debit card (or Privacy), they would have to pull the full amount from my checking account right away, and it could be days or weeks until they put it back. Since it's a credit card, they'll release the hold when the final bill comes through in a day or two, and I'll never know the difference.

You can put a hold on a debit card too without pulling the entire amount (they run an authorisation and release it immediately) I've used it to rent cars and hotel rooms, they do a check but the amount isn't 'blocked' off. In effect your statement looks just like a credit card.. There's absolutely no difference except with a credit card it's a borrowed balance.

I'm not too aware of how cards are in the US but generally in Europe & Australia (afaik) they're this way. Do cheque cards have mastercard/visa on them in the US (What about maestro/electron)?

US merchants don't do this. Most of the ones who take a deposit (hotels, car rental) have signs at the counter warning that they may put a substantial hold on your cash if you use a debit card, which won't be released for quite a while.

You are right -- if the card is bank-issued, then they can simply place a hold and release it without money flowing. With Privacy, it would seem they will need to actually pull the cash to be able to ensure that its there when the final charge comes through. Curious to see how this plays out.

>US merchants don't do this. Most of the ones who take a deposit (hotels, car rental) have signs at the counter warning that they may put a substantial hold on your cash if you use a debit card, which won't be released for quite a while.

My company used to send us on work related trips which were paid for in advance, but relied on us to provide our own cards at the hotels for incidentals. After a few (presumably less financially stable) employees used debit cards with low balances to check into hotels (effectively leaving them with no money during their stay), this policy changed so now the company credit card is used for hotel check-ins.

I personally hate the new policy because I have good credit and like getting room service, and for some reason I find it kind of emasculating that I'm not allowed to use my own card.

Yes but I want the protection of a credit card. In the uk at least you get a big advantage legally buying things on a credit card.

What? I don't have a credit card and I haven't run in any problem so far

Esp when Citi offers this on the DoubleCash card, which is 2% (though the experience of the Flash-based or desktop-app-based Citi number generator combined with their lack of support for require-every-time 2FA make it a lot less than ideal)

Don't forget no warranty doubling, no theft/loss protection, no price increase protection, none of the usual benefits for a decent credit card.

You could think of it like that, or you could think of it as a cheaper Paypal with better privacy.

I for one don't care for the puny rewards which are much smaller than the value of the data they get from me anyway.

Hey HN - Privacy.com co-founder here. I'm really excited to share what we've been working on for the past year and a half or so.

We've been neck-deep in payments stuff on the card issuing side (getting a BIN sponsor, ACH origination, etc), so happy to answer any questions on that front as well.

P.S. For new users, your first $5 donation to watsi.org is on us :)

I had a general question about card numbers.

Say there are 3E9 people on Earth, each with 3 cards. That's around 10 digits right there. There's 1 digit for checksum. I imagine you'd want to leave space for least 1000 financial institutions around the world, so that's another 4 digits. Which means you can only have 100 transactions per person.

None of this takes into account the fact that the same people are issued way more than 3 card numbers either.

So my question is, how are we not close to running out of card numbers? How is this not even a problem yet?

The short answer is that, in theory, we are running out. It's kept in check now by some amount of BIN & account number recycling by financial institutions.

If you're curious about the number scheme, check out https://en.wikipedia.org/wiki/ISO/IEC_7812

I don't believe we are that close to running out though, are we?

Using the number scheme, this person calculated^1 that (assuming Amex starts issuing 16 digit cards) there would be 3*10^14 + 10^11 or 4.001e+14 possible combinations.

[1]: https://www.reddit.com/r/theydidthemath/comments/3wj8eb/requ...

> Say there are 3E9 people on Earth, each with 3 cards.

You vastly overestimate the number of people with credit cards.

It averages out. The people who do have credit cards are issued far, far more than 3 numbers in their lifetime due to cards expiring/being cancelled, promotional offers etc. I myself have had something like 10-15 different card numbers in the past 10 years, without actually trying.

I wasn't trying to come up with a lower bound, I was trying to make the numbers round off nicely and reasonably to make a point.

This actually wouldn't be much of a problem for privacy because they could just have x different cards and cycle them through and just keep very good books on who got what.

The date adds a few more digits, right?

With a name like Privacy.com I was hoping to see your use of Google Analytics visitor tracking in your privacy policy: https://privacy.com/#privacy-policy

It isn't there, and disclosing it is mandatory under the Google Analytics T&C's (Section 7 here, it's crystal clear with the language "You must..." https://www.google.com/analytics/terms/us.html )

Can you please add it to your privacy policy? It's one of the first things privacy-conscious users look for when evaluating a website or service.

Wow - good catch. This was a huge miss on our part. We had it in the previous version, but it got overwritten (no excuse, our mess up).

Anyway, thanks for bringing it up. We've pushed the updated terms.

Many virtual cards before you have ran into issues of being flagged as prepaid or single use cards and having their BINs blacklisted by merchants. How will you be combatting this?

>ran into issues of being flagged as prepaid or single use cards

I generate Citi's virtual credit card numbers every month for numerous online shopping payments and I haven't run into issues.

It seems that it's not possible to determine if a card is a virtual number by parsing the digits.[1] Do you have other information stating that merchants know how to reject virtual cc numbers?

[1]"As there is no way for a merchant to identify a card as virtual up-front," https://support.cybersource.com/cybskb/index?page=content&id...

Citi and BOA get away with it because they can allocate out of a large pool of BIN numbers that are otherwise regular use debit/credit cards. These guys will have to figure out how to get a similar "mix" to avoid being flagged as prepaid/single use. This was the issue that ultimately caused PayPal to kill the service they had that was almost exactly the same as Privacy.com.

> will have to figure out how to get a similar "mix" to avoid being flagged as prepaid/single use. This was the issue that ultimately caused PayPal to kill the service

That's fascinating. Perhaps PayPal killed it for multiple reasons because the (possibly biased) answer from a PayPal said not enough people were using it: "The one-time card numbers -- technically they were MasterCard virtual debit card numbers -- were discontinued as a public user-facing feature because they were not generating sufficient transaction volume and revenue to warrant further development."


Those might not be distinct reasons.

If a lot of merchants were flagging and rejecting transactions from Paypal's virtual CC BIN numbers, that would prevent people from using it very often, leading to "not generating sufficient tx volume", right?

Why do vendors want to block single-use CC numbers?

recurring subscription websites, and purchase tracking networks.

There's a lengthier answer to this, but long story short, yes we're aware of a lot of the common pitfalls. A big part of the challenge comes down to limiting abuse on the cards (which we're planning to do).

>Privacy.com co-founder here

Tell me about AVS please.

Existing virtual card services have me covered on the virtual card front - both cost and (limited) privacy. I want something that gets me past the virtual card + AVS issue. All the virtual card providers seem to suck on this front...

No card issuer is going to verify a transaction of any significant value without AVS. AVS dropped fraud rates on card-not-present transactions dramatically, and it'd skyrocket without it.

>No card issuer is going to verify a transaction of any significant value without AVS

irl, Card acquirers do verify transactions without AVS, but they charge higher provided the merchant can demonstrate pre-transaction fraud mitigation

>AVS dropped fraud rates on card-not-present transactions dramatically, and it'd skyrocket without it.

AVS was less than moderately effective 6-7 years back, but it's less effective now, almost not at all. Most "researchers" have the card dumps with the addresses already so AVS does nothing to decrease the attack surface. Pre-transaction approval risk mitigation and post transaction fraud review is the only thing that works.

AVS doesn't deny anything. Its a status code returned on the auth. Its up to the merchant to reverse the auth if AVS data shows it doesn't match(Exact Address,Zip Code, CVV) or send the auth off for settlement. Merchant has almost no recourse if transaction is marked as fraud and the AVS doesn't match.

It may be up to the merchant, technically, but in reality systems such as Authorize.Net allow you to configure it at the gateway to reject transactions based on various AVS criteria. Many of my clients also only allow shipping to the AVS verified billing address as a way to weed out much of the fraud. For many products, only allowing shipping to the billing address is a reasonable restriction.

Pretty sur

> AVS verified billing address

Do you want your address actually verified or a feature that makes AVS useless?

>Do you want your address actually verified or a feature that makes AVS useless?

Either is fine with me. I just want a virtual card (to protect my bank acc) that I can use in as many places as possible.

Currently I've got a virtual card that only works like half the time...That's pretty underwhelming by any criteria.

Was curious about the motivations as well...

I work at a small ecommerce company and we'd be effed without our AVS service to help with CC fraud.

Copy paste response

>Do you want your address actually verified or a feature that makes AVS useless?

Either is fine with me. I just want a virtual card (to protect my bank acc) that I can use in as many places as possible.

Currently I've got a virtual card that only works like half the time...That's pretty underwhelming by any criteria.

This sounds awesome. I really hope you will be successful!!

What do you do when you get subpoenaed? Do you link all the accounts to the real identity? Lavabit-style exit?

Thank you! We do have to abide by US AML / KYC laws as we are working with a sponsoring bank. We plan on releasing transparency reports on a regular basis.

Do the anti-fungibility regulations and/or your sponsored relationship require you to preemptively submit your transaction information (eg card#->bank# mapping) for surveillance, or only in response to a specific court order? If the latter, what is your retention period?

Do you have any plans to add batching+noise to foil global passive adversaries? For example, I opt to keep a running balance target of ~$50 and today's charge for $34.56 is debited as $31.37 a week later.

Yes, that's my question too :)

I'm pretty sure that KYC trumps privacy, in this case :(

Lavabit wasn't doing financial transactions. Openly, anyway.

How much did you guys pay for that domain? :)

We didn't pay any cash.

It's a long story, but there's probably a good blog post in this.

Also interested in this - you have an amazing domain name.

Considering someone wanted 4 mil for [my fairy common first name].com a few months back when I was trying to get it, since I noticed that it has been parked for a while after the other guy who ran a neglected personal blog on it for years would never answer my emails, I would estimate quite a lot.

Are you planning anything for B2B?

I’m working on an idea that will need to pay hundreds of vendors for the services they perform for our customers. We want to pay the vendors electronically where possible so having unique card numbers for each vendor would be a great thing.

After looking at Privacy.com I want to take it a step further by generating a unique card number for each of our customers. We’d need higher spending limits and the ability to manage the cards via API. Other than that, what you’ve built sounds like a perfect fit for our use case.

This sounds like it would be an interesting use of our API. Can you ping me at bo@privacy.com? I'd love to chat more.

Take a look at Marqeta.com, this is their bread and butter.

Thank you for the tip!

Questing: Why is this US only, and why doesn't it say so right at the start? :(

hmm i signed up only to find out about this.

FYI, your site has a CSS bug: https://dl.dropboxusercontent.com/u/1237941/Screen%20Shot%20...

Another: https://dl.dropboxusercontent.com/u/1237941/Screen%20Shot%20...

The expiration date and CVV aren't fully visible - and for some reason clicking the "Open" button does nothing, so I can't close it.

How do your Privacy virtual cards affect your credit? Not at all?

They are prepaid cards so it's more like a debit card than an actual credit card.

The money is transferred from your account before the card is issued / transaction go through so it's pretty much a charge card.

I'm not really excited this is another US only service.

Seems like you guys could partner with companies like "Coin" - https://onlycoin.com/ - having "soft" physical credit cards with dynamically issued numbers would be crazy.

This is actually what final is trying to do: https://www.getfinal.com/

Though Privacy's approach of being extension-first and launching first is probably the right one.

What, if any, data do you have to report to authorities or central databases by default, i.e. without receiving a specific warrant? Is there anything in that class you are not allowed to mention (but may be allowed to mention insofar as answering this question in the affirmative)?

Congrats on getting to market with this! Super tough thing to do. Congrats!

I have one question: how? How can you fund my card at the time of payment, if you get my money through a wire transfer? By the time the money arrives, the merchant will have cancelled my purchase, no?

They give you a hidden credit line

Am I reading comments right that this isn't work with an existing credit card, or say, paypal? So I have to give you my debit or bank account info?

Is the browser extension something you plan on requiring?


Out of curiosity - who is your BIN sponsor - Bancorp?

See the bottom of their website - Customers Bank

Not everyone who finds English content on the web lives in the US. Just wasted time because I thought I could use the service...

I just want to note that your logo design is fantastic. Such a perfect combination of the name and concept. Really well done.

Two questions:

* Can I use your card to pay for FreedomPop?

* Can I pay for your card using prepaid credit?

I browse with JS disabled and your site is just a blank page for me.

Privacy.com. Don't let them track you. I open it to find a totally blank page asking me to turn on malicious, surveillance-loving, code execution to view ("we promise") good content.


And, to "modern web requires Javascript" critics, modern life expects credit, web surveillance, Facebook, etc. That doesn't mean you have to support or force it on others. Let's look at it really quick to see if a HTML4 w/ CSS site could've handle it. Yep, we did more interesting stuff back in the "DHTML" days (eg dynamicdrive.com). So, it's a privacy site pushing risky, higher-overhead crap on us just for fun. Hypocrites.

Alright, now let's look at the security. I should eliminate stealing a specific card or using malware on the machine to forge transactions. These are main attack vectors. Might mitigate the first. Looks like it will be vulnerable to the second. Admittedly, most methods are vulnerable to the second and those that aren't stay niche due to "inconvenience." So, still could be value in mass market where people get compromised anyway but want to knock out a common attack. The third risk is an unknown with some of the claims looking good on paper but to abstract to evaluate.

Note: The split-keys between employees part on the security page is funny. It's a banking control for sure. I'll just let your imaginations work out how little protection it brings from hackers, management, or the government. ;)

Should probably turn JS on, then, if you want to browse the modern web.

Fool! This "modern web" you speak of is nothing without me browsing it. It is not I who am missing out! Nay! It is the "modern web" that is diminished by my non-browsing of it!

They are punishing themselves! Why!?

No matter. I shall browse on, without Javascript, safe in the certitude that I am only missing the content of people too foolish, ignorant, or uncaring to use HTML and CSS properly.


Any plans for international expansion?

Are you planning to support 3-D secure?

Do you plan integration with mint.com?

Shouldn't be necessary, from my reading. The charges pass through to your checking account, so they'd already show up in Mint from that.

My biggest question with Privacy, and of any one-time use credit card numbers service, is always:

Will it affect my rewards? Will businesses still show up unaffected with the same categories on my credit card statement? (I have a travel rewards only card, so breaking the rewards flow is a deal-breaker for using a higher level service.)

Edit: I misunderstood the service as being able to be layered on top of normal credit cards. It looks like the funding source is only bank accounts for now. Still my question remains if building on credit or debit cards is on the roadmap.

Edit 2: They are one-time use numbers, right? "Use at merchants" (plural) seems to possibly imply otherwise.

> What happens when I generate a new Privacy card?

> We'll give you a random 16-digit Visa card number that you can use at merchants that accept Visa debit cards...

Edit 3: It sounds like the business model results in keeping the money that would go to rewards on a normal card.

> How do you make money?

> Every time you spend using a Privacy card, the merchant or website pays a fee (called interchange) to Visa and the issuing bank. This fee is shared with us. We have some premium features planned, but rest assured, our core virtual card product will always be free and we will never sell your personal data.

Don't you see that rewards tracking is actually the antithesis of this service?

That's what those "free" rewards really are...getting more detailed information on your spending patterns and profile so they can resell that info to interested parties.

Not particularly, though it may factor in. Rewards are primarily a kickback from the company's ~3% cut.

Yea +1 to that. Transaction fees are where card issuers profit the most, the rewards are just a share of their take.

Which is why Amex can offer such great rewards, because they charge vendors through the nose.

Have you ever read the Terms Of Service when you agree to a rewards program?

Of course it's a simple rebate as well, but I didn't think I needed to point out something that obvious.

As others pointed out with the % splitting, I'm not sure that I agree.

A credit card company could collect spending information and resell it for all cardholders, not just those holding cards having good rewards.

Perhaps this is naive and instead more valuable customers (based on spending more money annually or having a higher credit score to qualify for the card in the first place) have their information sold more, but privacy and reward programs seem like orthogonal aspects of the business to me.

Never thought of that - please expound...

This is for supermarkets, but the same general principles apply:


>If you have a loyalty card or shop online, the supermarkets will build up a demographic profile of you, and collect data about how loyal you are, what you buy and how much you spend, says Guy Montague-Jones of The Grocer.

This is how retail in America works now: collect data, adjust to fit.

Debit cards are something we're looking towards in the near term, credit cards probably will have to be a premium feature (due to how we make money right now).

The numbers can be one-time use (burners) or re-usable at the same merchant.

I've never understood why virtual numbers can't be used across different merchants. Why is this? Are there any that do offer this capability?

Doesn't that go against the whole point of this?

No, since the ability to limit the amount and the expiration date as well as the ability to close a number at will is immensely useful on its own. (Citi lets you do all of those.)

I can't use this right now because all of my spending goes on a rewards credit card, but if you offered credit card support as a premium feature I'd be signed up in a second. I hope to see that feature soon!

Is that something that new? My bank (Itaú, in Brazil) offers this option for some time now.

Here(in portuguese): https://www.itau.com.br/cartoes/cartao-virtual/

Or am I missing something?

Edit: They launched it in 2002: http://exame2.com.br/mobile/tecnologia/noticias/itau-agora-t...

Edit2: Sounds new in the US. This is not supposed to be a bragging/snarky comment. Just genuinely surprised as innovation usually come the other way around, from US to Brazil. So Congrats on the launch! Good job, sounds tough to launch it not being a Bank!

Not really - Paypal was doing it via their browser toolbar ages ago, back when toolbars were still a thing. They stopped offering this functionality back in 2009, I think. That said, it's not particularly common at US banks despite being a horrifically useful feature (Bank of America has it, but I'm not aware of anyone else).

I'm excited that I can hop on and use Privacy but it seems like it's more of a feature than a product.

Virtual cards from Citi and masked cards from Abine.com

Virtual citi cards are nice in theory, but the web app to make them it pretty cumbersome to use, and the desktop app to do it just feels super icky. They also have short expiration limits, so it's not great to use for subscriptions where you ideally set and forget.

Edit: the web app for Citi was also a flash app last time I checked (few months ago). That plus them not supporting 2FA for every login makes me not use it.

Bank of America offers this as "ShopSafe", but it's buried on the BoA credit card account page and it's a flash app. It's also not available from the BoA mobile app, at least not last I looked.

I came here to say this. It's really a great service, but it is not available for the iPhone (Flash) so I always have to use it on my laptop (trade one problem for another) which is kind of a pain. But I do use it all the time and highly recommended especially to avoid having to cancel subscriptions.

People are surprised when I point it at them because it is almost as if BoA does not want you to use it. Check the right side bar towards the bottom.

Ya I've been thinking about reverse-engineering it to write something like the privacy extension for a while... nice to see someone else put in the work!

It was originally offered by MBNA, and it hasn't had any development since BofA bought them. It appears almost purposefully impossible to find.

Yeah, the TWiET podcast made a big deal recently about how chips are finally making their way to their cards. I couldn't help but laugh. IIRC, Norway had those since the late 80s. And in Australia, Paypass/Paywave is near ubiquitous now. I think the US is way behind in their banking infrastructure.

I used to work at the largest merchant acquirer in the US and it's funny to see people claim these features just now making it to the US were signs of innovation lacking within the US. However, the reason these features were necessary outside the US is because the risk model was more severe outside the US; there was no need to implement them here. I have a presentation from Mastercard somewhere from 2006 that showed the dates for mandatory chip&PIN around the world the didn't include the US b/c we didn't need it. At the same time, I had flip phones on my desk from Motorola and Samsung with NFC integrated.

Edit to add: This is not a tech issue, it is politics and the like.

Weird, because most of the data I can find shows that the US has one of the highest rates credit card fraud in the developed world. Australia being very far down the list typically, and yet we got chip & pin and Paywave/Paypass well before most other places

Before the internet, and before its pervasiveness (~2010), all, then most, of the credit card transactions were 'card-present.' The US still leads in fraud prevention for 'card-present' transactions. The US was optimized for these transactions, so the internet has been a bit of a hassle and or opportunity (e.g. paypal).

Paywave/Paypass is about convenience, rather than security. It is less secure than chip and pin.

Fraud was a lower risk to credit card companies in America because [1] they were better at detecting and preventing fraudulent transactions, and were better at passing on the costs of fraud to retailers and consumers.

[1] http://www.economist.com/blogs/economist-explains/2014/10/ec...

Quite interesting. Do you know why credit card fraud was a bigger issue elsewhere in the world and not in the US?

My understanding (I wasn't in the fraud department) was that the US historicaly had better connectivity (leased ISDN lines), and was doing fraud detection in the 'cloud' (i.e. soft real-time). Most other countries had to rely on connectivity-free authorization and ISO 7816 was a better fit there (smartcards with onboard storage and authentication methods).

High level question about virtual cards and the implication of their implementation: 16 digits doesn't seem like a very high number of available cards, especially since at least two of those numbers are reserved (checksum and IIN number). At some point numbers are going to be recycled, right? Or am I massively underestimating the # of credit cards out in the world? It seems like if a large # of people get a new # for every transaction that it would use up the available namespace pretty quickly.

I believe expiration date plays into the possible combos. I'm not sure if CVC does.

You only need the PAN to charge the card, and many banks will gladly accept charges on expired cards even if provided with an expiration date in the past.

This has been around in the US for quite a while in various forms, but it seems like it has never really caught on.

I used to make new virtual numbers from Wamu for each online transaction, setting $ and time limits. Only later did I read that those "one-time" numbers could be charged more than once and the expiration dates didn't matter. That's why I skip this extra useless step these days.

That still gets you the ability to figure out who leaked your card number, and presumably a way to manually revoke the number without hosing the whole card.

AMEX has this almost 20 years ago but they stopped it for some reason. I personally loved the feature.

Yeah, I was a user. It was called Private Payments and went back at least as far as 2000.

Here's an interesting article from 2000 [1], declaring it basically unnecessary because cards were safe in transit. Some of the quotes and rationale are hilarious. Definitely from the pre-breach-of-the-month era.

[1] http://www.forbes.com/2000/09/08/mu4.html

I've never heard of anything like this in the US. So I think it is new here, at least.

A few credit card companies offered this in the mid-2000s (Providian and Citi, possibly more), but it seems to have fallen out of favor in the intervening time. I liked to have it as an option, so I'm glad it's making a comeback.

Since no one has mentioned it, American Express had Private Payments from 2000-2004, which generated one-time credit card numbers that the merchant could charge for up to a month.

Discover had "online card numbers" like this back in 2010. I'm not sure when they were originally introduced, though.

Citi offers this, and I believe bank of America as well.

Blur from Abine.com has an almost identical system to the one described here.

In Portugal we have had this service for many years and it works regardless of the bank (https://www.mbnet.pt in portuguese). Most people I know always generate one of these cards for online shopping, it's safer and easier to control.

That's indeed true! Although you still have the limitation of only being able to generate virtual credit cards of the same type of your "parent/real" credit card. For instance, with a Maestro/Mastercard you cannot generate virtual VISA's.

I wonder if 'ma' would stand for Manuel Alves... that would've been funny :)

Disposable and merchant-specific card numbers have been around for decades but never gained much traction. Probably because the meager benefits do not overcome the poor UX.

I think it may be related with more difficulties on tracking what you're shopping (likes) and more hassle on setting them up for every thing you buy (considering disposable virtual credit cards), which more likely will keep you away from buying instinctively and is not the desired outcome.

A lot of banks offer it through some sort of thing in their website or app, I think here the UX is a lot nicer though.

I agree, even some of the Indian banks have had this feature for sometime now. For example:


isn't this similar to ShopSafe by Bank of America, Citi has something too.

I know at least one Swedish bank has been providing this service forever too. They call it "e-kort" or "e-card".

Both citi and bankofamerica (and I believe so, but didn't personally use, Wells Fargo) offered this service for free on their CC accounts in mid to late 2000s.

You could set limits per number, have it lock to just single merchant, etc. pretty nifty when paying some wacky merchant online.

All have since shuttered the service because pretty much every CC comes with purchase protection that you can invoke to charge the vendor back in case of something going wrong.

Virtual CCs provide very limited utility in my mind - because the place you're likely to have your CC swiped - a bar or a cab - are still going to use only the legacy plastic version.

I think it's incredibly useful:

1. Track down and audit exactly which company stole/leaked your CC

2. No need to update ALL payment methods any time your card is used fraudulently.

3. Set limits and purchases and save yourselves the headache of trying to charge back if you get some vendor who tacks on unexpected fees.

Just to name a few.

BOA still offers this, and I still use it in some cases online. It's useful for subscriptions that I think I might forget to cancel before they auto renew, and similarly, for free trials that I might forget to cancel.

This is incorrect. I've used the citi offering recently.

Abine.com also has such a service.

Yeah, Citi for sure still offers this product. And I still use it for vendors I don't use regularly.

BofA still offers it, but I don't use it because it requires Flash which I don't have installed in my browser. I just checked a few weeks ago, though, and it's still there.

In the past year I've had to replace cards 3 or 4 times. Each time I am out of using that card for a week or two. Last time, they failed to send me the card, and made me wait the full 10 business days before I could even request it again.

It's an interesting idea. However, I'm not comfortable with a third party having all that information. Some banks issue "corporate" cards, with numerous "employee" cards. I already trust the bank, after all. So what else does Privacy.com provide that's worth the risk? They're still subject to KYC, right? So there's no strong privacy. Or am I missing something?

We are still subject to US AML / KYC laws. But the cool thing about these cards is you can use any name or billing info you want with them, so don't have to worry about your info getting leaked if some website you bought an indie game / song / whatever from 6 months ago got hacked.

OK, so that would have protected Ashley Madison users. Because none of the likely interested parties (partners, private investigators, etc) would have leverage to get information from you. Same for users buying porn, unless they get investigated for child porn. That's not a KYC issue, but there will be a subpoena. And I'm assuming that you must comply with all subpoenas.

Edit: I wonder what your burden would be in bankruptcy cases.

Ashley Madison and porn users are easy targets. But broadly-speaking, we just think you just shouldn't have to share your personal info with a random merchant you want to buy something from.

It's anti-privacy in the guise of being anti-fraud.

Yes, we do have to comply with subpoenas.

Yes, I totally agree.

Still, users arguably need to trust you more than they trust traditional credit card companies. But it's about the same as PayPal, I guess. They often do have access to users' bank accounts.

So anyway, I get the point. It's a useful service.

What response do you provide to an AVS request when the fake name and billing info is sent to you?

@boling11, why does privacy.com need access to my online banking on an ongoing basis, after the initial signup is finished?

I have changed my online banking password after signing up successfully, and I received an email complaining that "Our connection to your bank is broken".

I can understand the need for initially providing my banking credentials for AML/KYC reasons, but I feel uncomfortable with your company continuing to use those after the initial check.

Why can't you just use the routing/account numbers for ACH after the initial signup?

We don't actually store your credentials. We work with Plaid.com, and take a token which we can use to pull balance information. This allows us to fund a transaction in real time and take on the risk of ACH. When you change your credentials, that token gets reset.

If we took routing / account numbers, you'd have to preload your account and wait up to 3 business days. It's something we're definitely looking into though as well though.

Paypal handles these kinds of transactions just fine without preloading and without needing my bank account's username and password. In addition, banks typically tell you to never hand out those credentials even to their own employees.

Thanks for your answer, it clarified things a lot.

My concern with plaid.com using my banking credentials on an ongoing basis still stands though, and for me this currently outweighs the privacy benefits to be gained by using the service. Additional ways of funding (either using a debit card or ACH preloading) would be most welcome and go a long way towards addressing my concerns.

privacy.com would be a very useful service to me, and I hope you will be successful with it!

I understand why you need it, and I want this service in a big way, but I'm just baulking at giving you my online banking username and password. Why should I trust you with that?

I wish banks would offer something like OAuth - a service-specific, revokable credential with access only to the stuff it needs. I'd be a lot more inclined to use a product like Mint, for example, if I could grant it ONLY read access to my transactions and I knew I could revoke that access at any time without having to change my primary credentials or disrupt any other services/apps I have connected.

Totally understand it's sensitive, and it's cool if you're not ready to trust us with that yet. That's something that we plan to earn and don't take for granted. Eventually we do plan to allow debit card funding.

Didn't realize you require login & pass to bank (registration didn't work on windows phone).

While that's common in Germany, in Poland giving your login & passto 3rd party means that bank has no responsibility for any loss/fraud/anything if something goes wrong for whatever reason. This is breaching the term with the bank, that your login and password are confidential.

In Poland a oauth like alternative for payments is used, where you end up on your bank website to confirm payment and then you go back to the merchant.

Why not let people directly put in account numbers then? Lets users avoid online bank account liability but has the same effect.

That would make sense :) Anyway, I checked my bank agreement (page 15...)

> You agree to: 1) keep your password secure and strictly confidential, providing it only to authorized signers on your account(s); 2) instruct each person to whom you give your password that he or she is not to disclose it to any unauthorized person; and 3) immediately notify us and select a new password if you believe your password may have become known to an unauthorized person. We may suspend or cancel your password even without receiving such notice from you, if we suspect your password is being used in an unauthorized or fraudulent manner

There's a startup building an API layer for banks that would make this better. The name has slipped my mind right now, but perhaps someone will know. IIRC it is about replacing ACH entirely.

I have never understood that argument, I've heard it many times though.

You would freely give out the private key of your credit card (credit card number/expiry date/cvv) to any online merchant, but hesitate on authing your bank account user/pass which you can change anytime you want?


Don't think they ask for banking username and password. They only state they will directly debit it from your account, which does not require sharing your bank credentials. All you probably need is a one time authorization for them to be able to debit.

I just got part-way through the signup, and didn't fund my account because of this issue.

Maybe different for other banks, but this was the requirement for Chase.

In my experience, bank logins are used for instant verification of funding. For example, Robinhood uses it likely to verify legitimate users for its $1000 instant funding service.

Privacy uses Plaid on the back-end for this and does not store user credentials.

Don't care, use my ach info

ABA/DDA are inherently less secure than online access credentials. An account can be directly debited if ABA/DDA are compromised, and they cannot be rotated without closing the account. Plaid tokenizes all this to avoid any potential issues -- and further, if credentials are somehow compromised they can be rotated very easily.

Yes but plaid can see my transactions and balance

We already trust mint.com with this information. I don't see the big issue.

Services like Mint, Personal Capital, MoneyWiz, etc don't directly store or use your banking login, they pay to go through secure, well-known services like Yodlee http://www.yodlee.com

Is privacy.com actually asking for bank logins, or just your bank account number/routing? In either case, it is nothing new or uniquely scary about this service. If you're not comfortable with this, then there really aren't any third-party online banking apps you are going to be comfortable with anyway.

Not everyone does. And anyway it's owned by Intuit which has a much longer track record than this new company, so it's not the same thing.

How's that article relevant? It's the typical Krebs "IRS sucks" piece with some intuit mixed in, because apparently even fraudsters - doing potentially hundreds of filings a day - think that turbotax is the most convenient way of filing your taxes.

On the contrary, this is why I don't use Mint...

> Privacy is PCI-DSS compliant. We are held to the same rigorous security standards as your bank.

I always giggle when I see that.

There's a relevant (and pretty funny) ServerFault question from 2011 I'm immediately reminded of:

"Our Security Auditor Is An Idiot. How Do I Give Him The Information He Wants?" http://serverfault.com/questions/293217/our-security-auditor...

Wow that was a interesting read, to say the least. Thanks for the link!


An eight and only eight character password? Less security than a social network, all aboard the American banking system!

"Privacy is PCI-DSS compliant. We are held to the same rigorous security standards as your bank."

Hey, us too!



My bank's security is a password that is a maximum of 8 characters, no symbols allowed. Seems rigorous.

Same at vanguard

"Never forget the cancel one of those pesky 30 day free trials."

This is very misleading to say the least. Not paying for a service doesn't cancel a service. If they tried to bill your card and the card was rejected that doesn't mean the service is cancelled.

The point is they can't charge you again. I'm struggling to see what you are getting at here.

They may be able to still bill you and you may be legally obligated to pay, you are just taking away their way of automatically collecting the bill. You may still actually owe the bill; just because you didn't pay a bill doesn't mean you don't owe the money.

All this depends on the company, what you signed up for, if it was a contract, the TOS, etc, etc, etc.

For a real silly example to illustrate - lets say I signed up for Comcast and gave them a single use credit card number for automatic bill pay. When the second month comes around they attempt to charge my credit card and the card is declined. That doesn't mean I suddenly don't have to pay my Comcast bill, it just means they can't collect it automatically. Comcast will take a few months to cut off service[1] so you'll end up owing them several hundred dollars. Eventually if you don't pay they could send you to collections. Collections can take you to court and then when they win they can garish your wages, etc, etc.

Yes, I know this is a silly example and its unlikely to happen with the majority of "free trial" services on the net but that doesn't mean its responsible to basically advertise "yeah, just give any company a temporary number for a free trial and forget about it." Especially since a lot of services with a free trial are with companies that have a lot of resources.

A less silly example would be if I signed up for a gym with a two year agreement and a year later I canceled my credit card and stopped going to the gym. In that case the odds of me being billed further and sent to collections is very very high.

[1] they do that around here, I know someone who only pays their Comcast bill every 4 months or so...

The mitigation they are referring to is the deceptive recurring billing fraud.

Depending on the service, they may send collections after you, and you may be legally obligated to pay. Gyms do this.

That's well outside of what is commonly understood by "one of those pesky free trials". That's some other contract that someone would have to have agreed to.

It would be very hard to convince a judge that you honestly believed, based on reading that slogan, that Privacy.com would somehow release you automatically from any terms of any contract you might sign that happens to involve a trial period.

>It would be very hard to convince a judge that you honestly believed, based on reading that slogan, that Privacy.com would somehow release you automatically from any terms of any contract you might sign that happens to involve a trial period.


Where on earth did I say that? Where on earth did I say it would be a defense in court?

It's very misleading advertising. So misleading I think its irresponsible.

You're right, sorry, replace "a judge" for "anyone"

So what happens when I have to return something and they put the money back on the card I used to purchase it?

The refund will go directly back to your original funding account.

How does this work if the number is temporary? Is there a time limit for a refund?

Great company name. How'd you get the domain?

Quick question to founder lurking here - if you're advertising yourself as a credit card and yet you do not extend credit (and use bank account as funding source) aren't you misadvetising? If it's just a virtual debit card, you are likely providing far less protection to consumer than a credit card would.

I'm in love. Seriously, been waiting for this for soooo long. And the fact that the website supports two factor auth + is SUPER easy to use makes this a double whammy!!! :)

I've been a customer for about 5 minutes, have used it twice, and am already going to recommend it.

edit: I'm quite aware that this has been possible, but both banks/credit cards that I have make me jump through tons of ugly UI and clicks to make it happen.

Have you tried https://abine.com/ ?

This is one of those things I have wanted to make so many times and I assumed it would either be technically impossible (card numbers not actually a huge number space) or it would just get marked as fraud.

Excited to see someone giving it a try.

For big banks, it has been technically possible for a while (since 2002 in France[1]) you can create a single usage card. The issue is the cost of that service, and it's probably only working on Windows PCs.

[1] https://translate.google.com/translate?sl=fr&tl=en&js=y&prev...

Obligatory country smug. We have had this in Sweden for at least 5 years, possibly a decade.

Plenty of US companies either currently offer this service or have offered it in the past. This isn't exactly a new concept.

These services aren't usually very popular.

Obligatory "no we can't have nice things". Something like this was available to all Discover card users 5 years ago, but a bit hidden on their website, and was discontinued.

I think most people prefer to do what's most convenient (have one credit card/number) and patch up any abuse/fraud after-the-fact.

Wish they explained this better:

"Please ensure this information is accurate. We're required to verify this information against public records. But don't worry, we'll keep it private."

I suppose I'm legally opening a bank account, which has similar requested info as this, but are they checking my credit (probably not, I know, but it makes me uncomfortable)? Will wait a while.

You're right the language here should be better. FWIW, you're not opening a bank account and we aren't pulling a credit check (per our FAQ). We cross check the information as part of our AML / KYC policy.

What are those? EDIT: Probably some money laundering stuff?

Anti Money Laundering / Know Your Customer

Anti Money Laundering / Know Your Client

Not bank account, prepaid card account; which carries almost the same legal requirements of opening a bank account. Prepaid program managers are not required to credit check to establish the account.

I signed up for this. Sadly, it is not what I thought it was and the website does not make it very clear. Basically, this is for online purchases only. To make matters a bit worse, it wants to connect to your real bank account.

What we need here is a physical credit card that I can use in the real-world that has a new number on each swipe. Most of my historical fraud has happened because I probably swiped my card at a location that was compromised.

Just my two cents.

> a physical credit card that I can use in the real-world that has a new number on each swipe

We have that already (chip cards, which are currently being rolled out in the US and already standard in the rest of the world, generate a new single-use token for every transaction).


If you use Apple Pay then that's exactly what you get. A unique credit card number is generated per transaction and passed to the merchant.

Not only is it more secure but it also helps protect your privacy against retailers that use your card number to track your purchases across their brands.

Apple Pay uses the same token for many transactions. It's not unique per tap.

Totally agree. Not all places take Apple Pay and not all places require chip inserts.

> Most of my historical fraud has happened because I probably swiped my card at a location that was compromised.

I travel a ton and also do all my shopping online, for years. I have to replace one of my three credit cards every 3-4 months. That is usually within a week or two of visiting a gas station or taxi, places where they don't use chips and in the case of taxis still have the gall to use the paper carbon copy machine things. Whatever though, when a card gets lifted Chase takes care of the charges and overnights me a new card wherever I am (even international).

Although I've had many notifications over the years about my card data "possibly" being compromised in some online breach, I don't know that it's every been a real issue.

This service makes sense if you don't have a (real) credit card and for some reason want to link your real cash account to a payment service. Otherwise I don't think I get it, or why I would forget my credit card, anyway.

I accept that disabling JavaScript is generally a losing battle, but it specifically irks me when the website of a privacy-centric service is just completely blank if you don't have JavaScript enabled. Of all 30 people out there browsing without JavaScript, it seems like they have an elevated chance of all wanting to learn about this service, and I find myself moderately discouraged from trying it by this issue.

You're right. We should've done a better job with this. It was a trade-off and we decided against, but we should done a better job communicating it. Hopefully you can enable Javascript for us and give it a shot :).

The email you send to verify the bank comes off as SUPER shady. It reads exactly like a phishing email. It doesn't talk about which site / bank I'm using. Might be worth fixing.

From: Account Management Team <account.management@acctmanagement.com>


Thank you for being a valued customer.

Sincerely, Online Banking Team

So the crazy thing is that's actually an email from your bank :E. We have no control over the formatting of that email.

This is super close to the product that I really really really want. The only thing that's missing for me, is that this requires a checking or savings account. When I purchase something with my credit card (most things), it's because I want the rewards program points. With this, I don't get that. If I can't pay with my credit card, then I'm losing money (~$300/yr).

I really want a product that let's me proxy my credit card (and change it when I get a new card). I want a firewall for my credit card.

How do they not run out of numbers? According to this random image I found on the internet, each bank has a space of one billion card numbers. If you have ten million customers, say you're going to run out of these very quickly.


Can you have a same number as somebody else but with a different expiration date, csv number and/or cardholder's name?

I like this, especially the repudiating of the privacy-hostile billing name/address voodoo. But I'd worry about forgoing the traditional protection of credit card chargebacks, and having to rely on debit card terms and direct ACH.

We make chargebacks just as easy. There's a button you can click next to the transaction that will initiate the dispute process - we'll deposit the funds back in your primary funding account and follow up with you, then resolve with the merchant. You're also covered under Visa's zero liability policy.

Sure, but an unauthorized charge is a clear cut case. I'm talking about an authorized charge from a merchant who is later uncooperative for whatever reason. I would think that a longstanding credit card company would have a more account-holder-friendly dispute process, but perhaps this is just a perception you have to overcome. Furthermore with a credit card one never loses the money until they decide to transfer it, regardless of company policies.

Convenience is good, but it isn't exactly the same as having the full might of credit card consumer protection laws.

Mastercard has this service in quite a few countries, the downside is that usually they do not offer the same insurance as for the normal cerdit card and those cards will not pass an actual credit check. Other issuers, banks, and other organizations (post office for example) also offered similar services.

I never really liked these services they don't really support recurring payments, some of them force you to purchase a card with a specific amount rather than it being valid for a specific transaction, some times they have issues with various 3d party checks (pre-paid card check, region lock/address verification, fraud etc.) and more importantly it's not an elegant solution as you end up with allot of credit card numbers.

Overall while this one might have a nice UX it doesn't really solve a problem that hasn't already been solved either through Paypal or trough your own credit card company. I can see all payments on my Amex and Visa cards in the UK, I can check which ones are recurring, I can initiate a charge back and for everything else well there's paypal which offers even an easier UX.

The reason this doesn't solve a problem is because it's an attempted technological solution to a non-technological problem.

If you're going to do business with someone, a certain amount of trust is required, and there isn't any working around that with technology. If you don't trust a vendor to refrain from stealing your credit card information, how can you trust them to actually deliver the goods, not spit in your food, honor the warranty, etc, etc? Alternatively, if you do trust them to do those things, trusting them with your credit card number isn't much of a leap, especially given that banks are actually incredibly efficient at identifying and dealing with fraud, if not preventing it outright.

Well it does solve a small technical problem, trusting vendors is hard Sony, Target etc. are "trustworthy" but still got nicked and the credit card data of millions of customers was compromised. But that's not a problem most consumers have to deal with, their credit cards are insured, debit is a different story but in the US at least the amount of debit transactions is still fairly limited.

The biggest issue i see with this is that this isn't the most sustainable business model credit card costs are balanced more or less by the trust that the issuers has in the credit card holder (your credit limit, interest etc.) and the trust the acquirer has in you when you perform a transaction, prepaid cards are more or less notoriously untrusted by both because the issuer basically thinks you are too much of a liability to give you credit and the acquirer doesn't know who you are because that card has no credit history and single use cards are much more often abused for illicit purposes.

The stop subscriptions aspect really stood out to me, I had to spend 40 minutes on the phone with that darn company to get things canceled, even though I only used it for one day for an hour.

It's important to remember that just cancelling a payment method doesn't necessarily mean you're unsubscribed. If you're still getting a service, you're still on the hook for paying for it one way or another.

If this is true, then Privacy.com doesn't resolve this obligation. The temporary card number won't be chargeable by the merchant, but you'd still be on the hook for the renewed (and unpaid) service.

It certainly changes the burden of notification. A company can setup many hoops for canceling, forcing you to go through some asinine phone tree and drone script to stop charges to your card. Whereas lacking an established payment channel, they can no longer play dumb if you eg send them a simple email to cancel.

I think this is one of the best aspects of the product. The power is shifted to the customer.

If you signed up online, the company must provide a way to cancel online per visa rules. Check their TOS, they probably list a way to cancel online via email or whatever.

Got a citation on this? I'd love for it to be true, since it'll save me a lot of effort. But WSJ, for instance, requires you to cancel via phone even if you sign up online.



"Provide an online cancellation procedure if the Cardholder's request for goods or services was initially accepted online"

Nice find. From some other quick research, if there is a violation, you have to report it to Visa via phone or mail.

Looks like they used to have an online form a several years ago, but it went missing. Various blog/forum posts indicate that most people have had no luck getting any sort of response from Visa via mail.

I'm not sure if I'm ready to hand over personal details to Privacy, there's not much assurance other than "We'll never sell your data to anyone".

Does privacy.com see where I make all my purchases? Is there a collection of my metadata? What assurances do I have that you take personal privacy seriously?

Any way this works without a browser extension? I'm assuming such an extension has full access to every single page in order to do its job, which is a huge security risk. You don't need to be reading my emails or passwords.

It does :), you can create directly from your dashboard without an extension. The current onboarding flow pushes you towards creating a card first, but we'll patch that.

Good to hear! Bring this to Europe and I can see it being very popular, credit cards aren't as common or easy to get here and ordering outside of your local country often requires one. I imagine that's still a long way away though :).

Credit cards are hard to get in Europe? If you are talking about cards with credit line, sure, but debit/prepaid cards are pretty easy to get (e.g. Number26, Monese, Revolut, Fidor etc).

How about virtual one-use ones?

Sorry for the late reply. Maybe check out Entropay, they are 4.95% though. Some airline booking sites even provide a discount when paying with one.

Is this Final without a physical card?


It looks like that to me. I loved Final's ad (done by Sandwich Video) but they've been in "closed beta" for a long while.

We're still hard at work, working on getting it in consumers hands shortly.

Great to hear (I'd love to test; coming from Australia, the lack of chip+PIN here is worrisome! Final would cure a lot of that for me)

The other big difference is prepaid vs credit, which while nuanced, unlocks a ton of other functionality on any payments product.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact