The internet can be a dangerous place for your debit card. When a phishing site isn’t enticing you to hand over your account info, credit card databases are getting hacked. Privacy.com from Pay With Privacy, Inc. offers a solution to these issues that’s not just hoping for the best. Instead of putting your actual debit card number out there, the site lets you create “burner” debit cards that are locked to a single vendor, or meant to be used just one time. These aren’t physical cards for use at a local store, but digital cards for use online.
It’s kind of like a VPN for your bank account. Instead of using a bank card, you give websites an intermediary card. If that burner card should ever get caught in a database breach, it can be disabled or deleted with a few clicks. Even if the bad guys do use it, the card won’t work anywhere except at the vendor it was stolen from.
Contrast that with canceling a debit card, which usually requires a phone call, and then waiting for the bank to issue a new one. Plus, if that canceling doesn’t happen quickly enough, the pilfered card could be used anywhere until the bank notices odd activity.
Privacy.com started out four years ago as a startup with a mix of technologists and veterans of the finance industry. Today, it’s still going strong with some minor changes to its product in that time. Overall, it’s an excellent web service that is easy to use and provides a good service for those concerned about protecting their bank accounts.
Signing up for Privacy.com is just like any other web service, with a request for an email and password. After that, you fill out some personal information, and then connect a funding source via either your debit card or banking details. The latter requires entering your online banking details via Plaid, a company that specializes in connecting bank accounts to mobile and desktop applications.
For entering a bank login, Plaid throws up what looks like a mobile login for each bank it works with—it covers more than 15,000 banks.
Once Privacy.com validates the funding source, you’re ready to create cards. Privacy.com makes its money off of the transaction fees that merchants pay to debit card providers such as Visa and MasterCard. It does, however, offer several paid plans for its services as well.
Most people will do fine with the free plan, which includes the ability to create up to 12 cards per month. These can be single-use cards for special purchases, or cards locked to a single merchant. The cards can also have narrow spending limits such as $100 or less. The free plan also covers use of the browser extensions for Chrome and Firefox.
A Pro plan costs $10 per month and adds the ability to create up to 36 cards per month, priority support, and 1 percent cashback on the first $4,500 spent each month. There’s also a feature called Discreet merchants that lets users hide transaction information.
There is also a Teams plan that costs $25 per month and lets users create up to 60 cards per month, provides dedicated account management, and adds more customizable transaction limits. Privacy.com plans to add multi-user support in the coming months thereby putting the team in Teams.
Using the service
Once an account is validated, creating a new card is easy. Click on New Card towards the top of the page, and give it a nickname. Normally the cards are named after the vendor where it will be used. Using a mainstream vendor name gives you the option to use an icon with the the company’s logo on it.
Then it comes time to adjust the spending limit. Each card can have a spend limit on a per-transaction basis, or monthly or annual spend limits. Here we can also activate the Single-use slider, or choose to have no limit at all. By default, Privacy.com suggests a $100 monthly limit.
We’re fans of the per-transaction limit, especially for services like Netflix or Spotify where the cost will always be the same. There will obviously have to be adjustments when the services increase their monthly fees, but that isn’t a frequent occurrence. Once a card is created, it can also be paused so it will not authorize any further transactions until the pause is removed.
Privacy.com cards don’t lock to a vendor until they’re used for the first time. If a card named Netflix is used on Amazon it will be tied to Amazon, not Netflix.
One issue with Privacy.com is that sometimes its anti-fraud filters can flag an account for unusual behavior. This happened during testing when we tried to make a purchase from a popular online bookseller (not Amazon). Privacy.com’s filters paused the entire account, which made it impossible to make purchases.
The problem was we didn’t see any kind of notification within the account detailing what went wrong. The company also didn’t send an email with a fraud alert. Everything just went dark with a small toast notification telling us to contact support. Not a particularly good customer communication on the company’s part.
Privacy.com’s support desk was very responsive, however, and the company corrected the issue within hours.
When it comes time to pay online, the debit card is just like any other. Fill out the card number, expiration date, CVV code, and home address if required. To make this process easier, install Privacy.com’s browser add-ons, which let you copy card numbers, as well as view the card expiry date and CVV number.
That’s really about all there is to Privacy.com. It makes creating cards easy, and allows you to use them with numerous vendors online.
Like any good card issuer, Privacy.com offers a few rebate plans. There’s the aforementioned 1 percent cashback for Pro users. Privacy also offers a referral plan where users get $5 for every friend that signs up and makes at least one purchase with a Privacy card.
Privacy.com is available for the desktop using the web app; there are apps for Android and iOS in addition to the Chrome and Firefox extensions.
Privacy.com says it is PCI-DSS compliant (Payment Card Industry Data Security Standard), which are the same security standards that banks comply with.
Privacy.com says it hashes account passwords using PBKDF2 (Password-Based Key Derivation Function 2) with 100,000 iterations. The hash is then salted to make it even harder to figure out what the actual password is.
Privacy also uses TLS and HSTS when logging in and using the website, and its internal systems communicate using IPsec with AES-256 encryption. You can read all about Privacy.com’s security measure on this dedicated page.
Privacy.com is easy to use, it works almost everywhere, and the idea of protecting a debit card with a card number that can be easily deleted or paused is an excellent concept.
Like anything with computer security, it all comes down to whether you trust the company. Given that Privacy.com has been in business for four years now with no major complaints, we see no reason not to trust it.