Just came across Privacy.com, and wondering what’s the point?
Basically you have disposable cards, and create a new card for each merchant, to minimise fraud. This is their pitch in four sentences:
Controlled
Freeze cards and set spend limits. Take back control of your money.
Secure
Cards lock to merchants, making them useless to thieves and hackers.
Private
Use fake billing details, and mask your purchases on your bank statement.
Disposable
Delete cards anytime, and kiss forgotten subscriptions goodbye.
If you read through their site the focus on protection against fishy merchants, leaked card details and auto renewed subscriptions. But why?
Fraudulent merchant: Chargeback takes care of that
Card details leaked: Again, chargeback is your friend
Auto-renewed subscription: There are two cases:
I haven’t cancelled the sub: Just having a payment fail does not end my liability to pay (although the merchant may cancel the sub rather than try and collect the money by different means, of course).
Merchant keeps debiting my card despite my cancellation: Chargeback is my friend again.
Sure, a chargeback can be a pain and take a while, as does getting a new card when your existing card details are stolen. But surely, dealing with chargebacks every once in a blue moon is still simpler than generating a new card for every freaking purchase?
Apart from using fake billing details (which may cause its own problems if you ever need to make a claim [warranty or otherwise] against the merchant) where does this help? Or is chargeback just not a thing in the US?
Chargeback is a slow process and you are not guaranteed success, whereas cancelling/pausing a card is instant.
Setting limits per merchant means they cannot accidentally double bill you (which in tight financial situations can cause further issues).
It’s listed as an idea on this Monzo board (under tons of work).
3rd party data breach takes out one unique pseudo-account, rather than leaking the actual account details and requiring a new card (and setting up all previous transactions that used this card). Even the most reputable lillywhite non-shady company is not immune to data breaches.
Reduced hassle in the case of a chargeback being needed. If the psuedo-account only has enough money in it to pay for the intended transaction, then any spurious charges that might need a chargeback can never exceed that amount. Having everything in one account and a large spurious charge being placed means that money can end up in limbo until everything is settled, which leaves you out of pocket in practice
Reduced fallout from chargebacks. Many companies will blacklist cards that have executed a chargeback for any reason. If two companies share the same payment processor, performing a ‘legitimate’ chargeback against one company may result in your card being blacklisted with the other. Using a virtual account avoids this fallout.
Chargebacks are global, and most banks in the US provide far more protection than the chargeback process alone (not all, though… some are terrible).
I see this as being more focused on privacy (as the name would imply) than security. Though my own concern is, while there may be more privacy from the merchant… what is privacy.com doing with all that data?
Thank you all. Most interesting discussion. I’m still not convinced that the benefit outweighs the cost (in form of effort involved in creating and maintaining dozens of cards), but obviously others do.
According to their privacy policy: not much at all. (This is a very concise and clear privacy policy, which I find impressive. And speaking about impressively concise and clear: I wish more financial institutions would provide something like this)
Revolut offers virtual cards which can be easily deleted and new ones created if required. I use one for all the app parking accounts I have so I don’t have to change each account when my primary online debit card changes (e.g I’m on my fourth Monzo card number now).
I can see it being most useful for subscriptions. I’ve heard of people having trouble cancelling a subscription in that they keep getting billed after cancelling the service. Dealing with this could be a major hassle if you have to cancel the card. A new card for every purchase would be a hassle, but a different card for each of a handful of subscriptions sounds worthwhile to me.
Remember, just because the card quit working doesn’t change your contractual obligation to pay for the subscription. They could go to a collection agency and get it on your credit reports…
Be careful who you subscribe to!
P.S. It’s worth noting that most bigger-name services don’t work like this. For example, when I moved, Disneylife failed to bill me and just cancelled my subscription. Some, however, especially sketchier services, do work like this. After all, if they won’t let you easily cancel, what else are they willing to do?
To be clear, I had heard that the person cancelled their subscription, but could not get the monthly billing cancelled. A credit card subscription is not like a direct debit where you have control over cancelling the mandate to take the payment. I don’t know how true or common this situation is. But I’m not suggesting unique/disposable card numbers as a substitute for cancelling a subscription.
That’s not quite true. These are known as continuous payment authority, and you can cancel them through your card provider at any time. Some card providers don’t like you doing this, and will try to convince you that they can’t, but that’s not true, and you should complain with the financial ombudsman in that case
Someone should tell Monzo this - I had a CPA with a company that I quit after the trial period and contacted Monzo to confirm that I didn’t want that company to take more money. Customer advisor told me that any company could take money if I have given the long number and the only way to make sure they couldn’t would be to cancel the card and reissue.
I would really like the option for disposable card numbers for exactly this situation.
I know the issue of Continuous Payment Authorities came up at another fintech and if I recollect correctly there was some discussion of the responsibility of banks in this regard. While the FCA gave instructions to the big high street banks on how cancellations should be handled, I am not sure if these instructions applied to smaller banks as well.
Big banks were asked to enable customers to be able to cancel their continuous payment authorities, even if no action had been taken to do so by the merchant.
Now it may be that such instruction would be verbal, however I see a technical solution. Why not be able to click on a transaction and select an option to cancel/reject further payments from that merchant?
In the bunq bank app card transactions at POS e.g. chip and pin have a terminal icon and they do not have any menu options regarding future reoccuring payments.
Other card payments appear as Online transactions and have a globe icon. These transactions have an option to edit future payments. So it may be possible to introduce something along these lines.
Here is a screenshot of their app, illustrating how they handle these payments:
“Customers can generally cancel a CPA• with the merchant as well as with their bank, although they are still responsible for any money they owe. The FSA•• became responsible for the rules around cancelling CPAs in November 2009 with the introduction of the Payment Service Regulations; under the rules banks must cancel any CPA so long as properly instructed to do so by the customer."
NB: The FSA has since been replaced by the FCA and PRA!
The FCA assessed firms’ processes and procedures in mid-2012 and followed this in early 2013 by testing outcomes for consumers who had asked their bank to cancel a CPA.
The FCA has worked with approximately 90% of the debit card market and a number of major credit card issuers on this issue - first looking at processes and procedures and then customer outcomes.
By 2012 most banks tested had processes and procedures that confirmed a customer’s right to cancel with them. However there were some inconsistencies in the actions that banks took following cancellation notices and therefore some consumers would not have been able to stop a CPA with their bank.
When the FCA tested individual outcomes in early 2013, of approximately 40,000 notifications assessed, around 70% were found to result in a successful stop. Where a cancellation notice did not result in a successful stop most firms provided a refund.
The FCA noted cases of customers not getting a refund if a payment was made and cases of customers being unable to stop payments to payday lenders. Where the FCA found these instances it intervened to ensure that the banks involved changed their processes. Customers of these banks should now be able to stop payments to payday lenders and receive refunds if payments are taken after cancellation notices.
Payments of over £7.5 billion are made each year through CPAs with each transaction worth on average £45; for payday loans the average is £80.