Slinging your credit card information all over the web may be the norm when you’re online shopping, but playing fast and loose with those precious numbers is just begging for identity theft to happen. A new company dubbed Privacy.com thinks it has a solution to the problem. Instead of handing out your actual debit and credit card numbers, Privacy.com lets you create “virtual” debit cards that are locked for use with a single vendor, or “burner” cards that are valid only for one-time use.
If no one has your actual credit card, the thinking goes, then your credentials are safe from the next major database breach—or the one after that.
That basic idea has already gained interest from investors. The company announced in October that it had raised $1.2 million from investors, including Jim Messina, former White House deputy chief of staff and main driver of President Obama’s 2012 re-election campaign. And the company’s founders include Andy Roth, the former chief privacy officer for American Express.
Privacy.com is free to use and makes its money by taking a cut from the interchange fees that merchants pay to Visa and the banks. It works primarily as a web app in Chrome and Firefox (Safari and Internet Explorer support is coming soon), but there’s an iOS app too. There’s also a handy Chrome extension that can auto-detect payment forms to create a new temporary card in a few clicks without leaving the page.
Why this matters: Privacy.com is another example of the Internet coming up with solutions that just aren’t practical in the physical world. Having multiple cards linked to your bank account and locked to specific vendors is a good way of reducing credit card fraud. An individual card is far less useful to thieves if all it can do is buy Netflix subscriptions or video games on Steam. Creating that system with plastic cards would be far too costly. A computer, however, can generate a card number and get into the payment system in seconds.
How it works
The sign-up process for Privacy.com is very simple. You start with an email and password, then add your name, address, and date of birth on the next screen. Finally, you connect your bank account to your Privacy.com account by handing over your banking account’s username and password. Once that’s done you’re on your way.
You read that correctly. Right now, you can’t use Privacy.com by connecting it to your debit card or using details from the bottom of a check. Only your bank login credentials will do.
“We’re planning to add [debit card and check sign-ups] as funding options later,” Privacy.com CEO Bo Jiang told PCWorld via email. “But instant account verification (bank login) was the fastest and lowest friction way of doing so. It also helps us reduce fraud.”
The company says your login details are “passed to your bank over a secure TLS (SSL) connection.” The company also says it is Payment Card Industry (PCI) compliant and uses a 256-bit encryption key to secure your details.
Requesting your bank details isn’t uncommon among some financial services. Intuit’s Mint.com, for example, also asks for your bank login details when adding an account.
Bottom line: If you’re not comfortable handing over your bank credentials to Privacy.com then this service is not for you.
Once you’re up and running, it’s simple to create virtual debit cards. First, you’ll be prompted to install the browser extension and sign in using your Privacy.com credentials. Right now, Privacy.com only has a Chrome extension, but one for Firefox is coming.
Before you start creating cards, I’d strongly advise clicking Account at the top of the Privacy.com dashboard and enabling Two-Factor Authentication. For that, you’ll need an authenticator app on your smartphone, such as Google Authenticator or the recently released LastPass Authenticator. This adds an extra layer of security to your account that makes it much harder for hackers to break in.
Now, it’s time to create a card. When I first tried the service, I only had an option to create my first virtual card using the browser extension. Once I’d done that I could create cards using the web app. Jiang says this is a bug that should already be fixed.
To make a card, click the Create Card button on the web app or select Create a New Card in the browser extension. If you have two-factor authentication enabled—and again, you should—then you’ll be asked to enter a TFA token.
Once that’s done, you’ll hit the interface for creating your single-merchant card with several options. Click the dollar sign icon to set a purchase limit. If you don’t set a limit the card will top out at $1,000 for the day and $2,000 for the month. Click the flame icon and you’ve created a one-time use burner card. You'll also want to select the text cursor and give your card a memorable name like “Netflix ‘n’ chill.”
Once you’ve adjusted the card to your liking, click Create card and it will be ready in a few seconds, complete with expiry date and three-digit security code.
That’s about all there is to Privacy.com. It’s a fast, simple way to keep your actual debit cards out of the hands of online retailers with virtual plastic that is locked to a specific merchant. Handy!