Not too long ago, I tried to estimate how many stories I have read about data breaches since I started working at the IAPP. I couldn’t come up with a good number, mainly because data breaches happen in just about every single industry you could imagine, and to ponder the scope of the problem is, well, a real bummer. Add to that the number of sensitive purchases people make online, who wants bad actors or the public to know where they've been shopping? With a seemingly endless onslaught of breach incidents affecting million of consumers, are there any methods people can take to protect themselves?
The creators of one privacy-enhancing technology may have found one possible solution.
Privacy.com is a service designed to protect customers when they are shopping online. They do so by allowing users to create virtual cards for each transaction. Each one of these virtual cards has its own number, CVV and expiration date, and will lock into the first merchant it is used upon. So if you decide to use one of the virtual cards at BestBuy.com, for example, the same card cannot be used at Walmart, Target, or any other store online.
The service also allows users to hide their real name from the transaction, giving customers the opportunity to disassociate themselves from past purchases and keep their information away from marketers.
“You should not feel obligated to share your name if you don’t want to,” said Privacy.com Co-Founder Bo Jiang in a phone conversation with Privacy Tech. “If you are buying a t-shirt online, why does there need to be a lifelong relationship with whatever merchant sells it to you? You wouldn’t expect that if you went to the local corner store and bought a sandwich.”
Privacy.com is not only a useful tool to safeguard financial information if your favorite online retailer gets hit by a breach, Jiang said it can be a useful tool for businesses as well. The app not only prevents fraud within an organization, but also helps organizations manage expense reporting and reconciliation. Since the cards can also have cash limitations, Privacy.com can also help an organization control spending.
Privacy.com was founded in the summer of 2014, and the concept came from two different avenues.
Andy Roth was the former chief privacy officer with American Express, and springing from his financial privacy background, had an idea for a physical card with constantly changing numbers customers can use without sharing their name. Jiang and the rest of the team came from the bitcoin world, a model they enjoyed, but acknowledged had limitations.
“We liked bitcoin a lot, but I think there was this combined realization that there’s a lot of hurdles to mainstream adoption,” said Jiang.
He and his team decided to combine the two models into what eventually became Privacy.com. The service provides the best of both worlds, giving customers the anonymity and security of bitcoin, with the universal acceptance of traditional payment rails.
So how do users get started?
“You put in some basic information, [know-your-customer] information, and essentially we validate that against public records. Then you connect a funding source, and right now we use a service called Plaid to connect the bank account. Plaid has agreements with banks to pull account routing number information. Then you install the extension and you are off to the races,” said Jiang.
I went through this process to test out Privacy.com for myself. The sign-up process is very easy. Privacy.com asks which bank you currently use, then you sign into the app using the online credentials for your banking account. Privacy.com sent me an email saying it had to validate my information before I could begin shopping.
I figured this would take a day to complete. Within an hour, my account was verified and I was ready to spend, spend, spend.
I decided to take Privacy.com to Amazon first, where I purchased the first season of Rick and Morty on Blu-Ray. After downloading the extension on Google Chrome, I clicked on the little green box on the right hand side. Once I did, a green button appeared near the credit card number section of the transaction. I clicked on it, and the new card number, CVV and expiration date appeared. I went through and checked out as I normally would.
The transaction appeared on the Privacy.com user interface, and the card I used now had the Amazon.com logo on it. I completed two more transactions using Privacy.com, where I bought a t-shirt, and food for my kitten.
The extension didn’t produce the green button on the credit card section, but the new card showed up in a box on the screen. I copied the number, CVV and expiration date and went on my way. It took an extra thirty seconds, but it wasn’t a major hindrance.
Privacy.com is an easy way to spend money safely, but don’t expect to spend too much. The app allows users to spend $1,000 a day, and only up to $2,000 across all cards within a month.
“As we grow the business and get more comfortable with it, we will be willing to increase limits for users. Card limits are really around preventing someone from creating a billion cards,” said Jiang. “It is a somewhat finite resource. We don’t want someone creating a bunch and not using them.”
The app also offers two-factor authentication, and allows users to mask the descriptions of their purchases on their bank statements. So according to my bank, instead of shopping at Amazon, I instead took my business to Smiley’s Corner Store.
Jiang said users have different appetites for privacy, so it was important for the app to give users different levels of security when using Privacy.com. Giving users control over their privacy settings was very important to the company, and their demographics also bust a common myth within the industry.
“I think there’s a need and a demand for it. You look at the demographic of our users, a lot of them are younger, in the 18-29 demographic,” said Jiang. “People say that young people don’t care about privacy and security and that is patently untrue. A big portion of our user base cares really strongly about security, because they don’t have a lot of money, so if they are hit with fraud, it sucks a lot more.”
While Privacy.com may safeguard your financial information from attacks on vendors, it does require linking your bank account in order to use it. Jiang said there have been some who are hesitant to use Privacy.com because of this.
Jiang believes his company is equipped to handle any customer concerns. Privacy.com’s modern, concentrated model allows them to have fewer malicious actors, not having to deal with legacy hardware systems, or outdated software systems. By focusing solely on customer privacy, rather than as solely a money-making enterprise, Jiang sees the company’s intentions as pure.
“There’s a social contract in some ways, where if you trust us with your data and your information, we will make your life more secure, more convenient, and we will give you more control over your spending,” said Jiang. “Otherwise we totally understand that user trust is something you just take for granted. It’s something that you have to slowly earn.”
Overall, Privacy.com is worth checking out, especially if you have had your eyes opened to the vast amount of data breaches out there. I will likely continue to use their services going forward. With nearly every industry vertical suffering from cyberattacks, it certainly doesn’t hurt to take an easy-to-use precaution as an individual or employee.
If you want to comment on this post, you need to login.