A great technique for protecting your money
I’m a huge Star Trek fan. When Star Trek: Discovery was announced to be a streaming-only franchise, I had no hesitation. CBS All Access1, take my money!
A couple of years ago, I decided I wanted to give a subscription to a friend. The problem was he needed to sign up for the service, so there was really no way to make it a “gift”.
So I gave him a credit card instead.
But not just any card.
Become a Patron of Ask Leo! and go ad-free!
Virtual credit cards allow you to use a different credit card number for each online merchant. Privacy.com allows you to assign spending limits and control when and how the card is used. True to their name you’re not required to disclose your actual billing address to the merchant. While there are important differences from an actual credit card, Privacy.com’s free tier is a great security measure for most.
Virtual credit cards
A “virtual” credit card has no card. Instead, banks and credit card companies offering them make up a completely new number any time you ask for one — online.
It’s like having an almost unlimited number of credit card numbers that all come out of your one account.
Why would you want this?
In a word: breaches.
The idea works like this:
- You want to purchase something from reallybigbookstore.com online.
- You go to your credit card company and have them generate a new number for your account — a virtual credit card, complete with expiration date and security code — that you provide to reallybigbookstore.com and only to reallybigbookstore.com. You don’t use this virtual credit card anywhere else.
- Some months later, reallybigbookstore.com gets hacked, and their credit card information is stolen, including yours.
- You shrug your shoulders, tell your credit card company to turn off that virtual card, if they haven’t already, and move on with your life.
No new card. No unexpected charges. In fact, you never have to give out your “real” credit card number at all to anyone online.
Sounds great!
My credit card company does not offer this service. I kinda wish they did. I’m also kinda glad that they don’t since it forced me to look for an alternative.
I found one that, in some ways, is better.
Privacy.com
Privacy.com is a free service. You associate a payment method in the form of your bank account information or a debit card. You can then create virtual credit cards to be used online. It’s as simple as that.
When you create a card, you can set spending limits on that card.
You can decide that the card can be used to charge only so much per transaction, per month, or per year, or you can indicate that the card can be used only once.
After setting the limit, your new virtual card appears.
As you can see from the example above, it’s complete with credit card number, expiration date, and security code.
First merchant is only merchant
Perhaps the most understated benefit of Privacy.com cards is this: the card will only continue to work at the first place it’s used.
So, if I first use this card at reallybigbookstore.com, then I can only use this card at reallybigbookstore.com. It won’t work anywhere else for me, for hackers, or for anyone. It’s been “locked” to that merchant.
So unless hackers suddenly turn around and start using the card at the very company from which they might have stolen it, it’s worthless to them.
Perfect.
Under your control
Note the “Pause” and “Close” buttons in the image above.
You can temporarily turn off a credit card by pausing it. While it’s paused, any attempt to use it will be declined. If you need to control how much or how often it’s used manually, this gives you that level of control.
And, of course, if you like, you can close the card at any time with a click of your mouse.
Full control.
Why it’s called “Privacy”
With a normal credit card, one of the items a merchant needs to be able to provide is your billing address or zip code.
None of this is checked when a privacy.com card is used. As long as the number, expiration, and security code is correct, and it’s used at only one merchant, and you haven’t paused or closed the card, you can use any billing address you like.
This means you never need to expose your true billing address to a merchant.
Particularly for digital goods, where that information isn’t needed anyway, you keep your location private.
The “catch”
There are important characteristics of Privacy.com you need to know about.
- Currently, your funding source can only be a bank account or a debit card. This means that when you make a charge using a privacy.com card, the money is taken out of your funding account right away.
- A privacy.com card is a debit card. We’ve been using the term “credit card”, but there’s actually no credit involved.
- Protections offered by credit card companies — like limited liability — are not present with debit cards. This is offset by the first-merchant lock and the ability to fine-tune spending limits for each card you create.
- You won’t rack up any credit card or mileage points, as you might on your normal card.
- There is no physical card. This is intended only for use online.
- You need to trust Privacy.com.
That last point is worth noting. You’re giving privacy.com the ability to take money out of your account. If you can’t trust them, this isn’t a service for you.
It’s also why I’ve waited close to two years before recommending them. Needless to say, I trust them.
My gift to my friend
My gift to my friend wasn’t fancy, but it certainly was practical.
I created a card at privacy.com. I gave it an appropriate spending limit (even including room for price increases ). I then took a screenshot of the generated card, much like what you see above, and gave that to him.
He signed up for the service using that card.
That was well over a year ago, and he’s been Trekking out ever since. (Discovery, Picard, and whatever else is on the Star Trek horizon. Like I said: CBS All Access, take my money.)
In the meantime, I’ve experimented using Privacy.com cards for an assortment of online subscriptions, and it’s been flawless. It’s a real comfort to know every such card has a nice, low limit, and should anyone mistreat me, I can turn off their payments — and only their payments — with the click of a button.
Privacy.com plans and limits
The free plan allows you to create up to 12 cards per month and does everything I’ve described above.
There is a “Pro” plan that costs $10/month, but also gets you 1% cashback each month (up to $45), and lets you create more cards each month. It also allows you to control what appears on your credit card statement. (For example, if you want to hide the fact that you’re using reallybigbookstore.com, you can tell Privacy to call it “Joe’s Sports Emporium” instead. )
The free plan has been plenty for me.
Privacy.com’s free virtual payment cards protect your money as well as your privacy.
I recommend it.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Podcast audio
Footnotes & References
1: Soon to be renamed Paramount+, as I understand it.
Great advice Leo! Always looking for new ways to stay safe and secure!
Luv ya man!
-Jim
This is great. I have a couple of friends who are too paranoid to get credit cards. Instead of using my credit card to buy it for them, I’ll turn them on to this.
It sounds interesting and “intriguing,” Leo
Having just had to cancel my current credit card account and have yet another one issued (about the 4th such case in about … 15 years) due to an attempted fraudulent charge, the concept has a certain appeal.
I do, however, have to ask the horrible question that is the fly in the pudding: “What if Privacy.com’s database gets hacked?” Everybody gets hacked – including shockingly irresponsible organizations like Experian. et al.
Thats like saying what if Visa’s or Mastercard’s or American Express’s database gets hacked, or that of your bank. Sure, it is theoretically possible, but ya gotta trust someone otherwise you’d not be able to do anything anytime anywhere. I did peek into who started Privacy.com and feel comfortable.
I’ve had 3 or 4 fraudulent charges posted to my credit card account. All were from purchases in physical shops. I’ve never had a fraudulent charge due to online shopping. Unfortunately, virtual credit cards can’t protect against that. The best way to avoid that is to use a legacy form of payment called CASH :-) unless it’s at a location where you insert the card yourself into the slot.
Twenty years ago (or more, I no longer recall) I got a fraudulent online change to my credit card. (It was very easy to spot: it was far more than I’d ever charge… oh, and did I mention that the charge was from South Africa?) A simple affidavit later and the credit card company made it all good. :)
I would love to get my child a Virtual credit card
Just remember that with this one, they require new a new card for each merchant, and it’s only for online stuff. But, yeah, you can have a LOT of control.
Leo –
My bank offered a free virtual credit card service that was linked to my actual credit card number that I have with the bank. Unfortunately, much to my dismay, the valuable service was terminated shortly before the pandemic. The bank cited changing technology (comprehensive fraud alerts, digital wallets, and secure payment options) for the diminished need for virtual credit card number. I don’t share their confidence in those technologies.
The virtual credit card service I had was very similar to what you described for Privacy.com. Privacy.com does provide finer control over spending limits and has a nice pause/deactivate function. And it’s always good to know that I can immediately and permanently close a virtual credit card number associated with a subscription that I have properly terminated.
However, the main disadvantage that I see is the need to provide Privacy.com with my bank account number for payment – the very same reason I don’t like debit cards. So once again, as you say, trust is a big factor. (To mitigate my concern, I’ll need to think about possibly setting up a separate bank account for Privacy.com.)
I have a few questions for clarification, please:
1. Near the end of your article in the section “My gift to my friend,” you state that “he signed up for the service using that card.” When you say “the service,” you are referring to the Star Trek subscription service mentioned at the beginning of the article – correct?
2. You’re NOT saying that your friend needed to also sign up for Privacy.com service – correct?
3. So your friend was able to use the virtual credit card number you created as a gift card for himself at any one vendor – correct? (With my bank, I was under the impression that a virtual credit card number I create could be used only with a purchase made under my name. Guess I was wrong all this time.)
Thanks, Leo. I’ve been looking for a replacement virtual credit card service.
“(To mitigate my concern, I’ll need to think about possibly setting up a separate bank account for Privacy.com.)” This is an excellent idea.
1. Yes, CBS All Access. I’ll see if I can go clarify that.
2. Correct.
3. Yes, once he used it at CBS All Access he could ONLY use it at CBS All Access. I could have given the card to anyone. Privacy doesn’t check name or location, just the numbers.
I’ve been using Eno from Capital One for a couple of years now. It creates virtual cards that can be locked and unlocked as needed and has a browser extension to make access easier. The extension in the Microsoft Store for Edge doesn’t work for some reason, so I use the the one available in the Google Play Store.
In the past, I did have to go through the hassle of closing a credit card account and opening a new one due to a card number getting compromised. Actually happened twice with the same card, which was a Visa card. Notably, I’ve never had it happen with a Master Card. With the Visa, I had used it for on line purchases and got notified by the card issuer when someone tried to use the number to make a small purchase, apparently in an effort to see if the number would work. As a result, I now steer clear of Visa cards.
If the merchandise never arrives, can I dispute the charge? Can I get my money back?
Generally, no, not with a debit card / bank draw. That’s what I mentioned as some of the protection you lose. I’d keep purchases low, at least until you build trust with the vendor, or continue to use a traditional credit card where that dispute ability is important.
I do not like using any of my “debit” cards, they have poor protection history.
I only like to use “credit cards” as they offer much better consumer protections against fraud.
I will wait till Privacy.com starts accepting credit cards….. so for now I will keep using Eno from Capital One.
I want to use my Costco Visa by CitiBank as a virtual card, but unfortunately and stupidly CitiBank stopped supporting virtual cards. A huge disappointment.
Hopefully Privacy.com may start offering virtual cards with credit cards.
Crossing my fingers.
For the free account you say, “The free plan allows you to create up to 12 cards per month and does everything I’ve described above.” To clarify, that means 12 NEW cards, and any existing/ongoing cards don’t count against that limit?
Very intriguing premise, thanks for the information!
That is correct.
No need to put your main banking account at risk, even if the risk is very small. Do as I did. I opened a free checking account at a different bank from where I do my significant transactions. I never have more than $200 in it, unless I plan to spend more than that. All online payment methods that need a bank account (such as PayPal) get the info for that account alone. No one can hack any other of my accounts. My risk is limited.
Unfortunately this is only for people living in the USA with a verifiable USA address and phone number. Just having a USA bank account is nit enough.