Better Payments with Privacy.com

Privacy.com is an excellent service with a terrible name. They provide merchant-locked virtual debit cards. I’ve been using them for about three years. Around 90% of my online transactions go through them (the other 10%-ish is PayPal).

When one of their card numbers is first used, it becomes locked to that merchant. The card will reject transactions from anyone else. This immediately eliminates the problem of stolen card numbers. If a random ecommerce website leaks my card details, I don’t care, because nobody other than the original merchant can place a charge on the card.

When generating cards, Privacy.com also allows you to set dollar limits, either in total or for a period of time. This eliminates the problem of unreliable subscription services. For example, the card tied to my Amazon Web Services account has a monthly usage limit slightly higher than my average monthly bill. If AWS tries to double my bill one month, the transaction will be rejected.

Cards can also be paused. While I use the periodic dollar limit feature for things like subscription services with regular payments, other cards in my Privacy.com account stay paused when not in use. A paused card rejects all new transactions. Before making a purchase on a website, I login to the Privacy.com website and unpause the associated card. I then make the purchase as usual. Placing an order usually results in the merchant immediately placing an authorization on the card for the purchase amount. Existing authorizations can still be captured on a paused card, so at this point I can switch back to my Privacy.com tab and re-pause the card, preventing the merchant from taking any more money than the agreed upon authorization.

Cards can also be closed. Effectively this is the same as pausing a card, except that it is permanent. This is useful for signing up for free trials that still require a method of payment. When the trial is up, if you choose to not continue using the service, inform the provider and simply close the card.

Privacy.com offers software you can install on your telephone. I’ve never used it. I don’t trust my phone enough for it to touch money in any way. They also offer browser extensions, which I also have never used. Their website works great, and I see no need for locally installed software of any sort.

Over my few years of using Privacy.com, I’ve never had a problem with their service. I’ve never had to contact their customer support, so I have no idea how that works. I’ve had merchants issue refunds to my Privacy.com cards half a dozen or so times, and those have always come through and landed in my bank account without drama (even when the original charge was on a card that at the time of refund was paused or closed.

Last year, Swift Silent Deadly posted an in-depth overview of Privacy.com. This provides a good overview of the service. What he wrote matches my experience, with one glaring exception. He mentions giving Privacy.com access to your bank account. I don’t know if he is referencing some shady Plaid bullshit or if he simply means providing them with routing and account numbers and going through ACH. I did neither. When I signed up, Privacy.com allowed me to add my real bank debit card as a funding source. That is the only way Privacy.com has to push or pull funds from me. If they ever become untrustworthy, I can just cancel my real debit card, and Privacy.com will loose all access to my money.

The debit card that I use for this is tied to the checking account that I previously used only for PayPal. This provides an additional layer of defense, in that there isn’t much money hanging around in that account for someone to steal. I usually keep around $100 in it for incidental purchases, and transfer more in from my real accounts when I plan to make a larger purchase.

Privacy.com has free and paid tiers. I am on the free tier. Apparently it has some limitations in terms of number of cards generated per month and total monthly spend. I have never run into these limitations so I have no idea what they are. They claim that they make enough money on us low-volume free tier users by collecting the transaction fees that merchants pay to process debit cards. I would be very unhappy to return to participating in the electronic commerce market without a service like this, so they would probably have a pretty easy time convincing me to move to a paid plan if they ever decided to eliminate the free tier.

I’ve heard some banks offer virtual card numbers somewhat similar to Privacy.com, but perhaps without the merchant-locking and spend limits. While I refer to my “bank” accounts, my accounts are actually with credit unions. Credit unions tend not to be at the forefront of technology, so I need a third-party to provide this functionality.

Privacy.com says that they offer merchant masking to their paying customers. This means that transactions show up in your bank account as “Privacy.com” instead of including the name of the merchant. I suspect this may be where their business name comes from. I suppose that is great if you have a joint bank account and want to hide your Porn Hub subscription from your spouse. But it is not a problem I have, so I maintain that their name is dumb and has nothing to do with their excellent service. If anything they reduce my privacy, since they are now an additional party involved in all of my online purchases. But I’m good with that trade-off.