Seems like they are changing bank partners and will use cards that code as "charge card" instead of "prepaid card" which is great (some places block "prepaid" cards) but they are forcing this change on everyone (as much as I could see) and doing it with only 30 days of notice, which is much less great.
I don't blame them, though. DO is a "bill-after" company, so if you racked up server time, they're out that money if you attached a pre-paid card with $0 on it.
We use DO as our provider, and we offer trials in our product offering, so if they attach a prepaid card to _our_ service (which people do, all the time), we're out that money, but it's $5 for us, so we eat it.
Everyone is a bill-after company, though. If it was pre-pay, you'd buy $200 of computing time, convert that into 8 cents of today's hot shitcoin, and then initiate a chargeback to get your $200 back. They could make you wait 60 days or whatever, but that's an unpleasant customer experience, so they don't.
With physical goods, there is always the possibility that the merchant could compel you to return the physical good, but with cloud computing, that's nearly impossible.
The thing is that every card has a limit, both regular debit and credit. You can easily have a bank account with no more than a couple dollars in it and DO would accept that just fine.
If you haven't preauthorized, you aren't guaranteed payment. That's why these services also have usage limits, of course--AWS doesn't want me to rack up a million dollar bill without seeing a past payment history that would indicate I can actually afford that.
Yes which means you prefund your expenses. If you provide a prepaid card as a funding source it is likely to not have funds when they attempt to debit you for services already rendered. I'm sure they'd be fine with you prepaying on a prepaid card.
If you're trying to use something like Privacy.com, it's probably because you don't want to have your details shared with others. Using PayPal is not going to to that.
Weird, I must have added my Privacy card to DO before they made a backend payment processing change. Been using it since July 2016, with a new card in August 2020.
It looks like they have added a manual payment option, though certainly not preferred, so that they can technically comply with some definition of charge card perhaps?
> On December 31, 2021, we will close all Visa Privacy Cards that have not been updated. In order to continue using Privacy.com without interruption, we need you to complete a few simple steps. Visit our FAQs to learn more.
Via the popup transition tool when logging in.
Sad they couldn't keep existing cards open till they expire, but just recently their card expiration dates jumped to lasting till 2027 so I see why.
I've always been surprised by privacy.com's business model. Do they really make enough money from those small credit card processing fees to stay afloat, or are they coasting on investor money?
So the processing fees (called interchange) are capped at a $0.21+0.05% low rate for most banks, but very small banks and credit unions are exempt from this cap, and charge ~2% similar to credit cards. Fintechs always partner with a small bank to issue their cards and split the revenue.
So the thing is, most of their customers are going to be connecting a debit card from a large bank (they don't allow credit cards as a funding source). A few will come from a Durbin-exempt institution like a small credit union or a community bank (including one issued by another fintech/bank partnership such as Chime). But on the whole, they will mostly be paying the low interchange and charging the high interchange.
Since the new cards are considered credit cards, not debit cards, they won't have to worry about Durbin amendment at all.
We offer virtual cards too through AppBind and when I can’t sleep at night, sometimes I do game plan the possibility of what it means if we had to change card partners.
I expect we will see events like this fairly frequently in the next decade.
The problem isn't needing to change card partners, it's not having (not having negotiated?) a 1+ year period where already-issued cards will continue to work. Having a year or more to gradually change cards the next time I buy something from each merchant would be a minor inconvenience. In the best case, it would be 2+ years and by then, it would hardly be a concern at all.
Privacy.com's mistake wasn't needing to change issuers; as you said, that's unavoidable. Rather, it was forcing customers to cut over existing cards in 3 weeks, then lying to customers by pretending this was an upgrade rather than something required by their issuer.
I see the spending limits are still configurable on the new cards.
Does the switch from a pre-paid cards to a charge cards affect the ability for a merchant to collect on balances over the configured limit in some way? Or will those still be declined as it currently is?
Well. I seem to be unable to replace the card I created for a purchase with Affirm using the new cards.
A lot of my use case for Privacy.com was avoiding giving out my debit card (and thus, direct debiting against my checking account). If this switch means it no longer enables that (just replaces a credit card), my usage of them drops quite a bit. It's nice to be able to cap a charge against the card I guess, but the level of effort required doesn't really give me the peace of mind needed to warrant it.
Oh I see, you're talking about linking your affirm account to a debit card for payments? They might be being rejected because they fall into a high fraud category.
No. I'm saying in Affirm, the only options for payment are ACH cards, and debit cards.
I don't like either of those, so previously I used Privacy.com cards. Yes, that meant Privacy.com had access to my bank/debit card details, but they already did (and in general it means one place has my debit cards, rather than every place that eschews credit cards).
Affirm previously accepted cards created with Privacy.com just fine.
However, to prepare for the old cards no longer working (per the article), I just went and had new ones issued on Privacy.com. When I went to put those into Affirm, though, Affirm rejected them with "something went wrong". Multiple cards, multiple attempts, no further data given (both on the site and in the network request).
When I went "uh-oh; I need to actually make sure the Affirm loan gets paid off next month when it goes to bill again", and so inserted my bank's debit card details, it went through fine.
So, Affirm rejected the new Privacy.com cards for me. It accepted my personal debit card just fine.
It's annoying because many Affirm loans do indeed accept credit cards, but you don't know if it truly will until you have purchased it and set up AutoPay. It seems most pay in 4/small monthly payments will accept credit cards, but my Peloton loan does not allow it.
Affirm wants a debit card so they don’t have to pay credit card interchange fees while using debit card payment rails for instant payment of the loans they’re extending.
They are a credit card company but don’t call the product a credit card. Can’t pay credit cards with credit cards.
Maybe this is an example of "developer brain", but when I see "reissuing all cards", it sounds like when a company has a security incident and resets all passwords at once.
So as I scanned through, my read was "oh, Privacy.com had a security incident", which it did not.
I read it the same way as well, but my reasoning was that vague/generic/neutral headlines tend to be associated with bad news. E.g. Google's "spring cleaning"
To be clear to anyone who's reading along here instead of the site, they're reissuing cards because they are changing the way their card issuance works in order to improve merchant compatibility (which is definitely needed).
As such they have to use, presumably, a different set of card numbers/prefixes/whatever that the card issuers dictate. No security incident prompted this.
For post-paid things like cloud offerings, prepaid cards are much easier to get compared to debit/credit, so you end up with a lot more fake accounts that just run malware/use hundreds of dollars in resources in a month only to have that card decline after the money on the prepaid is already spent somewhere else.
"You can pay in more places! Our first version of the Privacy Card worked well for creating one-time use cards, setting spend limits, and locking cards to specific merchants. However, some merchant policies prevented our cards from being accepted online. The new version of our Privacy Cards maintains all of the privacy and security features you love while expanding the places where our cards are accepted."
Google was one of those merchants. I've been using this service for a few years now and it has saved me from so many headaches.
I liked the idea and always wanted to use it more. I actually only used it once because I was dealing with a potential subscription hassle and that card actually got stolen! A bad charge was reported from privacy.com (and of course did not go through).
Does anyone on HN have experience with this service or a personal comparison with Blur?
I’ve used delete me which works well enough (from the people that make Blur), but I’ve ended up just using the Apple Card which has a tiny amount of the privacy guarantees without a lot of the hassle (and good software).
I’ve been tempted to switch to one of these services though, but I think your data still gets resold by the card processor?
Never heard of Blur, but I've used Privacy.com successfully for... man, maybe five years?
Never had any issues with them. Not one. They always Just Work, their app doesn't change every six months, I hardly ever have to log in. Everything 'Just Works'. They've been great.
The card reset is a tad unfortunate but isn't really an issue since they're all named/branded accordingly.
Adding my voice to this experience. I have been a user for about 2 years, and I love it. I also appreciate that they support non-txt 2fa for login security.
My only quibble is that I wish I could generate a card that I could give to a someone else that had a limit cap but could be used at more than one site/vendor (the current method really wants you to use them at only a single vendor, which is generally exactly what I want). Like an allowance card basically.
However I am such a heavy user that this announcement is actually rather annoying. I didn't see an email about it yet either, and could have easily missed that I am going to need to update 10 or so subscriptions this month :/
Not 100% sure since don't use those apps, I actually pay for privacy.com to obfuscate what the money was spent on so my bank doesn't know either in it's budgeting view. But if you don't do that I think budgeting apps should be able to work, since the merchant name is passed through in the transaction metadata. Bank of America correctly categorized transactions before I disabled this, so I imagine your other apps might work.
After moving to Canada, I definitely miss that in Brazil I could just create a one-time card number directly from my bank site, instead of having to rely on 3rd parties that sometimes don't even offer the same service - Canadian privacy.com alternatives seem to offer a pre-paid card, but no 1 time card numbers.
I got this message last night. I started the process to reissue the cards, but I was immediately asked to provide my social security number. Privacy.com already has my bank account number and routing details, but TBH I'm not super comfortable providing even more personal info such as my SSN. Privacy.com has been an amazing service, and although I'll likely cave to their request for my SSN, I'm not all that happy about it.
Yeah at this point I assume my SSN is more of a UID username that isn't just fully-public, but I need to monitor credit and be pro-active about it, rather than some secret value.
> Maybe it's because you have your funding source as your bank account
I originally had it tied to a debit card, but for some reason Privacy.com forced me to provide a bank account about a year after I started it. I asked support why and they couldn't give me a good answer other than my credit union is no longer supported (though I think the agent I spoke with was blowing smoke and it might have had something to do with my always-on VPN).
Have you been asked to provide an SSN with the latest change?
Hi -- I'm the head of legal and compliance for Privacy.com. Unfortunately this is a bank partner requirement, otherwise we wouldn't ask.
We do take customer privacy and security very seriously, and have worked hard to have similar data security safeguards as larger companies like Square and Stripe (both places I've worked, so I would know!). You can read more about some of our security practices here. https://privacy.com/security
Yeah, a bit. Despite that, I still perceive them as a good barrier (and defense) between my personal financial account and random online businesses whom I would very much like to not provide any personal info whatsoever. An example is wanting to buy a LOSSLESS album from Bandcamp, I can use Privacy and I don't even need to give the musician or Bandcamp my real name or actual financial details.
I was under the assumption you never need to give your real name when using a debit or credit card. Zip code and the number of the address like 7 for "7 Main St" are required usually.
I’m not American. I opened a U.S. bank account with a major U.S. bank (I.e., presumed to be operating legally) without a SSN or US address. I have no other US identification or number.
There is no way around know your customer, but that doesn’t mean “requires SSN”. That’s just the easiest path from point A to point B and most businesses don’t care to support anything else.
I wouldn't say it's the easiest path, but a critical path. A social security number is usually required to provide identity resolution confidence (name, birth date, and address are insufficient). Don't take my word for it, that's straight from the Internal Revenue Service's Privacy Impact Assessment for it's ID.me identity proofing partner [1].
I'm also not American and I was able to open a US bank account without a SSN, however they instead put in a dummy SSN of 300-00-0000. I suppose your bank might have also given you a dummy number like that.
Can anyone figure out a reason why issuing new cards would require a new terms and conditions or is this Privacy.com just using this as an excuse to force users to accept new and presumably worse T&C (if they aren't marketing the changes then it is a safe assumption the changes aren't pro-user)?
Hi -- head of legal and compliance for Privacy.com. tl;dr is US consumer card types have lots of rules and laws attached, and we needed to have folks accept some new terms before we could give you all access to the new card types. Thanks for using our service!
Thanks for using the product -- head of legal and compliance here.
Emails are going out in phases. But if you log into your dashboard, you should be prompted to accept the new terms and re-issue any merchant locked cards.
Some folks will already be on the new product if they signed up during our public beta period, so if you don't hear from us you're likely already on the new card types.
> Emails are going out in phases. But if you log into your dashboard, you should be prompted to accept the new terms and re-issue any merchant locked cards.
I love your service, but, sorry, this was just a huge miss. You guys completely goofed on the messaging of this.
Haven’t heard of you in my Inbox, but singing into my account see all cards marked with a clock icon, see also the Get Started button to new Privacy Cards. It’s confusing, at least I should have received a darn email, right?, maybe it’s cause I’m a free tier member? haven’t been in any privacy.com public beta program. Can’t imagine privacy.com actions towards its users when shit hits the fan for real. Better to leave sooner than later.
Unfortunately, everything is on autopay. I rarely access the app or browser extension, and almost never access the dashboard.
I hope folks over there are thinking about how many people will have fewer than 30 days to update their cards. Emails should have gone out much sooner. I'm guessing this was a rushed job, and I'm sympathetic toward the things vendors force on companies, but communication is 100% in a company's control and should have gone out much sooner (I still haven't received an email).
Why would emails warning of basic service cutoff be going out in phases if every customer has the same deadline?
I’m finding out about this today from word of mouth, have 50+ cards and less than a month to react, still not a single email or notification from the mobile app to warn me.
I loved the idea about privacy.com - used them for a while - but a significant (>40%?) of the vendors that I tried to use them with didn't accept pre-paid cards (which I guess what these appear as) - and almost 90% of the vendors that I really needed them for would not accept them.
Perhaps this re-issue will make them more useful - here's hoping, because I think the idea is brilliant.
I found the opposite, oddly, only a tiny % of vendors wouldn't accept prepaid cards. I do agree it was all services where I REALLY wanted to use privacy.
That said, the only great thing about this, is that the new cards are re-classed as "charge card" and not "prepaid" card, so, they fixed it!
If only they did it with more than 30 days notice I would have been ecstatic.
Hi all - I’m one of the founders at Privacy. I’d like to provide more context on why we’re asking customers to reissue cards.
In an attempt to stay current with changes in card network and bank requirements, we spent the better part of this year investigating product adjustments and determined that changing our cards from prepaid debit to charge cards is the best option to preserve the customer experience. I recognize reissuing cards can be a pretty big inconvenience - this isn’t a decision we took lightly. The silver lining is that this should improve merchant acceptance and provide a better overall customer experience.
Functionally, cards will continue to operate exactly as they always have - no fees, no interest, no selling of your data, and no impact to your credit score.
Is this rolling out slowly, or did I join after this was already implemented for new cards? I see no cards on privacy.com/reissue and haven't gotten any notifications. I signed up in October.
They confirmed I signed up with the new thing. Thanks. You might want to add an FAQ entry to cover the situation where someone finds out about the change but doesn't know if it applies to them.
Why force the change onto customers though? Most people understand the difference between a debit card and a credit card, and as someone who's had Privacy.com cards denied because it was a prepaid MC debit card and not a real CC, I've experienced what the problem was. But for merchants where the prepaid debit card works, why can I not continue using that card number there?
Privacy.com is a wonderful service, but it already automatically locks to the first merchant the card is used on. If it's already working for that merchant, Why do I have to change the card number? Use the credit card updater mechanism (the same mechanism for when a CC gets stolen but my Netflix keeps working and they get the new number somehow) for all merchants that support that - that should keep the customer load down.
> but it already automatically locks to the first merchant the card is used on.
Just a minor correction: I'm able to use the same Privacy card for x merchant for any number of y merchants, so long as it stays under the charge limit I've set for that card.
So a privacy card you used for one merchant was denied by another merchant? And it wasn't due to them rejecting prepaid cards, setting your card to single-use, or setting too low of a dollar limit?
Not OP, but yep, my cards have been locked to the merchant.
I've only experienced this with Kickstarter and then a secondary payment collector (BackerKit, etc) where some extra charge had to be finalized, typically shipping or maybe I threw in some extra doodad, and then had it fail because that second charge wasn't technically the same merchant.
But this was fine and I was happy - working exactly as intended. I just created a new privacy card and updated payment.
I hear you on this. We’re really sorry for the inconvenience. Unfortunately, this wasn’t fully within our control. To stay compliant with our bank partner’s requirements and network rules we were forced to make this change to existing Visa cards too.
We did explore the card updater[1] and were hoping to be able to use it. Unfortunately it’s not a viable option due to technical limitations. If we could do the updating for you we absolutely would! If you have questions or there's anything we can help with, please reach out to support@privacy.com
Why couch this as an "Exciting Update,"[1] then? Why do none of the FAQ entries[2] answer the obvious question that everyone asked here (why deprecate existing cards, let alone in 3 weeks)?
When forced to by customers, you sort of answered it here, but without details or transparency. The Web site FAQ doesn't even do that much - the question that every single customer will ask isn't listed. Needing to update dozens of cards and merchants for zero benefit is not an "Exciting Update" and Privacy ends up sounding dishonest and, well, stupid for claiming that.
If you were forced to do this by a processing partner, then that's what the FAQ and customer-facing popup should say (and explain why and why your partner agreements allow that with only a few weeks of notice).
I went from being a customer and fan to believing that I can't trust Privacy's decisions nor that those decisions will be described transparently.
I have hundreds of cards! Why are you forcing me to do this?! I have no time! Honestly, I'd probably just move to my main card, which almost never changes! Tomorrow you may decide to do something again! I really don't have time to babysit this! You should grandfather all cards and allow customers to change them if they want, otherwise, they should be valid till their expiration date! You're asking us to do a lot of work during the holiday season - this is crazy, really!
I agree with this. Not having to fiddle with changing cards was the main selling point that made me switch to Privacy, after my debit card was canceled 2 times in a month for “fraud” (it wasn’t -- they were legit purchases). I also have over a hundred cards, and subscribe to the paid plan. This is a huge inconvenience, especially given the short timeline and holidays. I wish this was handled better for older virtual cards.
Also, I haven’t received any email about this change.
I got the email yesterday. Those people live in ivory towers and probably don't use their own product! I have 4 weeks to move hundreds of cards, I'm a paying customer, and they just twist my arms to do this without actually thinking about making this easier for their clients! The prepaid status of the card was an issue, but when Divvy switched from MC to Visa, they had like 3+ months, when old cards worked, and you got the option to reissue them as Visa ones one by when at your convenience!
I don't quite have hundreds of Privacy cards, but I have quite a few, and many for subscription services. Though I understand and welcome the core reason for the change, forcing users to do this migration in December—of all months—really necessitates a grim view of the value of our time and energy.
The pre-paid debit product was limited, but far from broken. This could and should have waited another month. And the news shouldn't break on HN.
You do realize that people use Privacy for business too, right? And virtual cards are not limited to monthly payments. I have one for a local coffee shop that I occasionally do an online order for.
I'm super sorry for the inconvenience and for the limited lead time. Unfortunately, this change wasn’t fully within our control and was required by our card partners.
There needs to be more transparency about how your partners forced you to this course of action and on this timeline, because this is going to seriously hurt your reputation and business. That sounds like an abusive partner, who doesn’t care about you. Or they make for a convenient scapegoat.
You tried to sugarcoat this - to pretend like forcing customers to change dozens of cards in December was exciting - and in the process, lost all trust. You could have simply described the problem honestly and transparently.
> why am I hearing about this over HN and not an official notification or email?
I logged in (to create a new card, so I could try out Oracle cloud), saw the notification and searched my email (saw nothing..) and searched HN (saw nothing..) then posted it.
I'm really kinda shocked I was the first, and, even more shocked it blew up as much as it did. I just checked back now (11 hours later -- it's been a busy day testing out that oracle cloud account, among other things) and this went crazy.
My main card changes all the time because it keeps getting somehow obtained by fraudsters, and then cancelled. I checked and this is true these days of many of my friends too.
It's definitely inconvenient when it does, especially when that involves updating a bunch of different accounts/vendors.
It it possible to continue using Privacy.com without providing an SSN?
As I commented in a thread below, I had started using your service connected to a debit card via my credit union. Then was required to attach a bank account/routing number as the source for funding and didn't receive an adequate answer as to why (which is fine, but it's slower to process and it requires that I provide more sensitive information). I get that Privacy is obligated to gather certain financial information for regulatory purposes and fraud prevention, but it feels like I'm widening my attack surface providing that info.
Hi -- I'm the head of legal and compliance for Privacy.com. Unfortunately this is a bank partner requirement, otherwise we wouldn't ask.
We do take customer privacy and security very seriously, and have worked hard to have similar data security safeguards as larger companies like Square and Stripe (both places I've worked, so I would know!). You can read more about some of our security practices here. https://privacy.com/security
Somehow I’ve assumed every US citizen has an SSN. Are there obstacles you encounter from not having an SSN? What is the process for opening bank accounts or applying for loans?
My daughter had her SSN used when she was around 10, and I can't recall her ever needing her SSN as it's no longer required for things like medical insurance, etc.
US law requires your bank to collect and verify your identity and crosscheck against a series of loste. It is part of the Patriot Act post 9/11. Unfortunately for most banks this means that they require an SSN. Technically an ID or ITIN should suffice.
I have a US bank account that I opened only using my passport and a US home address I live in. and I have a Privacy account. I don't have an SSN. Does that mean I'm locked out of Privacy come 2022?
There's obviously no requirement that you must be US citizen. The requirements are known as KYC -- know your customer -- and simply require a certain amount of due diligence. It means you've verified that the customer is who they say they are, and that the account is in their benefit and not someone else's. It's part of the wider AML framework -- anti-money laundering.
It sounds like Privacy is falling into KYC territory and is not able to farm it off to the host banks. But then any limitations around requiring SSN are due to their implementation, and not to the KYC requirements.
fwiw you don't need to be a citizen to have an SSN, you just need to be legally resident.
I don't know if it's something you have to apply for, I was 20 when I moved to the US so my parent handled all the paperwork. Just wanted to float that SSN != citizenship.
> I get that Privacy is obligated to gather certain financial information for regulatory purposes and fraud prevention, but it feels like I'm widening my attack surface providing that info.
This feels like a "you always become what you once hated" situation. Privacy.com was supposed to keep our private data private. With this change there is no way to use Privacy.com without providing even more private data.
This really should have been a choice for users. Do you want privacy or better compatibility? Considering Privacy.com's userbase and their freaking name, I would guess many users would choose privacy over that extra functionality.
The name "privacy.com", while impressive as a domain name has always kind of confused me. As far as I'm concerned it's a service that protects against credit card theft, privacy unchanged.
With modern fraud prevention and financial regulation, we simply cannot expect actual privacy with payments or really any finance.
When I use a regular credit card to buy something, do Google/Facebook/etc end up being able to link the purchase to my identity to market to me etc? I figured that was the privacy part.
I agree that as a potential customer my main interest is about credit card theft/abuse.
(This does make me wonder if they are mis-marketting focusing on privacy, instead of controlling damange of credit card theft, and sketchy merchants who charge you reoccurring charges you didn't realize/have trouble canceling, etc. That's my interest).
I guess the non-secret parts of the card number can totally be cross referenced with others merchants you've shown the card, but an online purchase very often also has a name and address so your identity is already out the window.
Also fraud detection systems will often track the type of purchases associated with a particular card number, to detect anomalies. So I suppose your privacy is somewhat protected from that, but the e-commerce sites probably already know who you are.
This is a huge inconvenience, and dressing it up as an "Exciting Update" is Orwellian. I was a paying subscriber, but I'll be cancelling my subscription now.
I'd like to thank privacy.com for making this change.
It sounds like most people aren't aware, but recently merchants have been coming down hard on privacy.com. I've almost given up using it. Hetzner and GCP are the most problematic, but I've seen it elsewhere too.
I'm not happy about having to reissue, but I will be happy if this forces vendors to take my privacy.com card.
(Everyone else is complaining, so I thought I'd at least try to balance it out a little.)
I didn't get an email about this, disappointing to find out first on HN. I assume there will be plenty of customers who just "miss" this and find out the hard way next month. Also 1 month notice during the holidays is really bad timing when you've had it available since early october.
I posted this here originally, and wow this blew up, I think we've actually spoken over email as I was one of the earliest users of privacy. I've been using it for many years and abjectly love the service.
I don't object to you reissuing cards. Like I mentioned in my other comment, I actually see a lot of positives (no more prepaid issues!), however, only giving people 30 days to update their cards in dozens (I literally have 81 open privacy cards) is "not fun" and up until now, using your service has been smooth, painless and something which this change (mostly the timing of it) just completely deflated.
I updated like 4 or 5 cards so far, each one took me 5-10 minutes, on the outside I'm looking at (worst case) 13 hours of work I have to fit into the month of December (which with the holidays and year end biz items, is already the busiest).
Yesterday, your service was just a dream to use, today it is a burden I have to find hours of time to fix.
Sorry, I do truly love privacy and didn't post this to hurt you or privacy, but I hope you can extend the deadline.
First off let me start with how much I love your platform, I use it religiously. My experience has been great except for a few times it fell short and it's not something forgotten easily. My account has been suspended twice after trying to make purchases (both for under $50 purchases), one of them at a Ft Lauderdale pizza shop and the other was a online merchant. Both times I had to open support tickets and wait over 24 hours for support while I was locked out of my account. It turned out there's a blacklist of merchants that your not allowed to make purchases at but support couldn't give me the blacklist. So it's like a game of russian roulette if my account will get suspended for making purchases. Can you share any information on how this problem has been solved?
I suggested to support that if someone is able to log in, pass 2fa, that should be enough to prove it's not fraudulent. I don't think support ever responded to my suggestions.
Also, it looks like we have to manually update them in 1Password. Out of hundreds of cards, I had only 5 listed for reussing. Why only 5?! Why not hundreds?
I had been using privacy.com for around 6 months to pay my Xfinity internet bill. Last month, it stopped working randomly. I wonder if this change will fix my issue.
I had created an account with them right away when they first started, had given them all my information as they required. After a month or so they closed my account due to abuse. All I was doing was to use their service as intended.
I’m not associated with Privacy in anyway. I’ve had a couple of inconvenient things happened to my account, I can’t remember the details right now, but in interacting with their customer support I got the sense that it was algorithms that weren’t tuned correctly yet. That may be what happened with you?
As a fairly active user, I'm extremely irritated with this being how I am finding out about this change.
Wrapping up something that amounts to extra work for me in bubbly language is kind of infuriating but in keeping with a couple of my experiences with them.
I'm not sure if I'll continue as a user given my existing unease with how I feel their existing pitch and documentation are misleading.
I appreciate the service but I'm not sure it's worth it to me to switch the cards I have given the my other experiences.
Totally agree, especially about the bubbly language used to dress up what is almost certainly a major inconvenience. I've been using their service for years, but if I have to change all of the cards that I have on file everywhere, I might as well just put in my CC details and get the cashback/points.
Never found a good alternative to privacy.com, so far their service has always been top notch...
But now I am curious: who else is out there doing what Privacy.com does, similarly or better?
Revolut has disposable cards but those are not exactly the same, because they always get destroyed after one payment rather than being able to keep using it for one merchant. Also on the free plan you can only have one normal and one disposable card active at a time.
This has always seemed like a very attractive service to me, although I haven't signed up for it myself.
While some normal credit cards theoretically offer temporary/limited cards as a service, the software/support is so bad I've never been able to make it work with my existing cards.
Have HN'ers (without any financial relationships to the company!) used it? Any reviews? Any downsides?
I’ve been using the free tier for about two years and love it. I’m not associated in any way. It works flawlessly, just as long as the merchant accepts prepaid debit cards. I’ve created hundreds of privacy cards and have only had a couple of merchants not accept them.
As a side note, the integration with 1password (whom I have worked for but no longer) is just :chef_kiss: You can create a privacy card from the merchant’s checking form and it gets saved in 1Password.
170 comments
[ 2.5 ms ] story [ 220 ms ] threadWe use DO as our provider, and we offer trials in our product offering, so if they attach a prepaid card to _our_ service (which people do, all the time), we're out that money, but it's $5 for us, so we eat it.
Then if they don't want that, don't be bill-after or companies like Privacy will just engineer around that prepaid card limitation.
With physical goods, there is always the possibility that the merchant could compel you to return the physical good, but with cloud computing, that's nearly impossible.
If you haven't preauthorized, you aren't guaranteed payment. That's why these services also have usage limits, of course--AWS doesn't want me to rack up a million dollar bill without seeing a past payment history that would indicate I can actually afford that.
https://support.privacy.com/hc/en-us/articles/4414521565719-...
> On December 31, 2021, we will close all Visa Privacy Cards that have not been updated. In order to continue using Privacy.com without interruption, we need you to complete a few simple steps. Visit our FAQs to learn more.
Via the popup transition tool when logging in.
Sad they couldn't keep existing cards open till they expire, but just recently their card expiration dates jumped to lasting till 2027 so I see why.
So the thing is, most of their customers are going to be connecting a debit card from a large bank (they don't allow credit cards as a funding source). A few will come from a Durbin-exempt institution like a small credit union or a community bank (including one issued by another fintech/bank partnership such as Chime). But on the whole, they will mostly be paying the low interchange and charging the high interchange.
Since the new cards are considered credit cards, not debit cards, they won't have to worry about Durbin amendment at all.
I expect we will see events like this fairly frequently in the next decade.
I feel for them.
Privacy.com's mistake wasn't needing to change issuers; as you said, that's unavoidable. Rather, it was forcing customers to cut over existing cards in 3 weeks, then lying to customers by pretending this was an upgrade rather than something required by their issuer.
[0] https://www.goodreads.com/quotes/440683-explaining-a-joke-is...
Does the switch from a pre-paid cards to a charge cards affect the ability for a merchant to collect on balances over the configured limit in some way? Or will those still be declined as it currently is?
A lot of my use case for Privacy.com was avoiding giving out my debit card (and thus, direct debiting against my checking account). If this switch means it no longer enables that (just replaces a credit card), my usage of them drops quite a bit. It's nice to be able to cap a charge against the card I guess, but the level of effort required doesn't really give me the peace of mind needed to warrant it.
The prior Privacy cards worked fine; that's what I had entered beforehand. It's just the new ones I reissued on Privacy that aren't being accepted.
I don't like either of those, so previously I used Privacy.com cards. Yes, that meant Privacy.com had access to my bank/debit card details, but they already did (and in general it means one place has my debit cards, rather than every place that eschews credit cards).
Affirm previously accepted cards created with Privacy.com just fine.
However, to prepare for the old cards no longer working (per the article), I just went and had new ones issued on Privacy.com. When I went to put those into Affirm, though, Affirm rejected them with "something went wrong". Multiple cards, multiple attempts, no further data given (both on the site and in the network request).
When I went "uh-oh; I need to actually make sure the Affirm loan gets paid off next month when it goes to bill again", and so inserted my bank's debit card details, it went through fine.
So, Affirm rejected the new Privacy.com cards for me. It accepted my personal debit card just fine.
They are a credit card company but don’t call the product a credit card. Can’t pay credit cards with credit cards.
So as I scanned through, my read was "oh, Privacy.com had a security incident", which it did not.
As such they have to use, presumably, a different set of card numbers/prefixes/whatever that the card issuers dictate. No security incident prompted this.
Google was one of those merchants. I've been using this service for a few years now and it has saved me from so many headaches.
Pretty cool service.
I’ve used delete me which works well enough (from the people that make Blur), but I’ve ended up just using the Apple Card which has a tiny amount of the privacy guarantees without a lot of the hassle (and good software).
I’ve been tempted to switch to one of these services though, but I think your data still gets resold by the card processor?
Never had any issues with them. Not one. They always Just Work, their app doesn't change every six months, I hardly ever have to log in. Everything 'Just Works'. They've been great.
The card reset is a tad unfortunate but isn't really an issue since they're all named/branded accordingly.
My only quibble is that I wish I could generate a card that I could give to a someone else that had a limit cap but could be used at more than one site/vendor (the current method really wants you to use them at only a single vendor, which is generally exactly what I want). Like an allowance card basically.
However I am such a heavy user that this announcement is actually rather annoying. I didn't see an email about it yet either, and could have easily missed that I am going to need to update 10 or so subscriptions this month :/
Actually, this reminder does make me feel slightly better about giving my SSN to Privacy.com.
Have you been asked to provide an SSN with the latest change?
We do take customer privacy and security very seriously, and have worked hard to have similar data security safeguards as larger companies like Square and Stripe (both places I've worked, so I would know!). You can read more about some of our security practices here. https://privacy.com/security
Thanks for responding to these questions. Very much appreciated.
https://privacy.com/virtual-card
There is no way around know your customer, but that doesn’t mean “requires SSN”. That’s just the easiest path from point A to point B and most businesses don’t care to support anything else.
[1] https://www.irs.gov/pub/irs-pia/id-me-pia.pdf (Pages 2-3)
Emails are going out in phases. But if you log into your dashboard, you should be prompted to accept the new terms and re-issue any merchant locked cards.
Some folks will already be on the new product if they signed up during our public beta period, so if you don't hear from us you're likely already on the new card types.
I love your service, but, sorry, this was just a huge miss. You guys completely goofed on the messaging of this.
Unfortunately, everything is on autopay. I rarely access the app or browser extension, and almost never access the dashboard.
I hope folks over there are thinking about how many people will have fewer than 30 days to update their cards. Emails should have gone out much sooner. I'm guessing this was a rushed job, and I'm sympathetic toward the things vendors force on companies, but communication is 100% in a company's control and should have gone out much sooner (I still haven't received an email).
I’m finding out about this today from word of mouth, have 50+ cards and less than a month to react, still not a single email or notification from the mobile app to warn me.
Perhaps this re-issue will make them more useful - here's hoping, because I think the idea is brilliant.
That said, the only great thing about this, is that the new cards are re-classed as "charge card" and not "prepaid" card, so, they fixed it!
If only they did it with more than 30 days notice I would have been ecstatic.
In an attempt to stay current with changes in card network and bank requirements, we spent the better part of this year investigating product adjustments and determined that changing our cards from prepaid debit to charge cards is the best option to preserve the customer experience. I recognize reissuing cards can be a pretty big inconvenience - this isn’t a decision we took lightly. The silver lining is that this should improve merchant acceptance and provide a better overall customer experience.
Functionally, cards will continue to operate exactly as they always have - no fees, no interest, no selling of your data, and no impact to your credit score.
Reach out to our team at support@privacy.com and we'll be happy to take a look at your account and confirm.
Privacy.com is a wonderful service, but it already automatically locks to the first merchant the card is used on. If it's already working for that merchant, Why do I have to change the card number? Use the credit card updater mechanism (the same mechanism for when a CC gets stolen but my Netflix keeps working and they get the new number somehow) for all merchants that support that - that should keep the customer load down.
Just a minor correction: I'm able to use the same Privacy card for x merchant for any number of y merchants, so long as it stays under the charge limit I've set for that card.
I've only experienced this with Kickstarter and then a secondary payment collector (BackerKit, etc) where some extra charge had to be finalized, typically shipping or maybe I threw in some extra doodad, and then had it fail because that second charge wasn't technically the same merchant.
But this was fine and I was happy - working exactly as intended. I just created a new privacy card and updated payment.
We did explore the card updater[1] and were hoping to be able to use it. Unfortunately it’s not a viable option due to technical limitations. If we could do the updating for you we absolutely would! If you have questions or there's anything we can help with, please reach out to support@privacy.com
[1] https://developer.visa.com/capabilities/vau
I have heard nothing of this problem until now.
Still nothing in the app.
WTF?!?
When forced to by customers, you sort of answered it here, but without details or transparency. The Web site FAQ doesn't even do that much - the question that every single customer will ask isn't listed. Needing to update dozens of cards and merchants for zero benefit is not an "Exciting Update" and Privacy ends up sounding dishonest and, well, stupid for claiming that.
If you were forced to do this by a processing partner, then that's what the FAQ and customer-facing popup should say (and explain why and why your partner agreements allow that with only a few weeks of notice).
I went from being a customer and fan to believing that I can't trust Privacy's decisions nor that those decisions will be described transparently.
[1]: https://support.privacy.com/hc/en-us/categories/441448782555... [2]: https://support.privacy.com/hc/en-us/sections/4414521336855-...
Also, I haven’t received any email about this change.
The pre-paid debit product was limited, but far from broken. This could and should have waited another month. And the news shouldn't break on HN.
oh yeah, well I have 167 bajillion!*
*I really don't; I do wonder what you're doing with hundreds of monthly payments though.
I'm super sorry for the inconvenience and for the limited lead time. Unfortunately, this change wasn’t fully within our control and was required by our card partners.
You tried to sugarcoat this - to pretend like forcing customers to change dozens of cards in December was exciting - and in the process, lost all trust. You could have simply described the problem honestly and transparently.
What I'm wondering is: why am I hearing about this over HN and not an official notification or email? Did I just miss it?
I logged in (to create a new card, so I could try out Oracle cloud), saw the notification and searched my email (saw nothing..) and searched HN (saw nothing..) then posted it.
I'm really kinda shocked I was the first, and, even more shocked it blew up as much as it did. I just checked back now (11 hours later -- it's been a busy day testing out that oracle cloud account, among other things) and this went crazy.
It's definitely inconvenient when it does, especially when that involves updating a bunch of different accounts/vendors.
As I commented in a thread below, I had started using your service connected to a debit card via my credit union. Then was required to attach a bank account/routing number as the source for funding and didn't receive an adequate answer as to why (which is fine, but it's slower to process and it requires that I provide more sensitive information). I get that Privacy is obligated to gather certain financial information for regulatory purposes and fraud prevention, but it feels like I'm widening my attack surface providing that info.
We do take customer privacy and security very seriously, and have worked hard to have similar data security safeguards as larger companies like Square and Stripe (both places I've worked, so I would know!). You can read more about some of our security practices here. https://privacy.com/security
Regardless all citizens are eligible and should be given an SSN if they apply.
It sounds like Privacy is falling into KYC territory and is not able to farm it off to the host banks. But then any limitations around requiring SSN are due to their implementation, and not to the KYC requirements.
I don't know if it's something you have to apply for, I was 20 when I moved to the US so my parent handled all the paperwork. Just wanted to float that SSN != citizenship.
I've tried putting mine in, but it says (rightly) that it's an invalid SSN.
This feels like a "you always become what you once hated" situation. Privacy.com was supposed to keep our private data private. With this change there is no way to use Privacy.com without providing even more private data.
This really should have been a choice for users. Do you want privacy or better compatibility? Considering Privacy.com's userbase and their freaking name, I would guess many users would choose privacy over that extra functionality.
With modern fraud prevention and financial regulation, we simply cannot expect actual privacy with payments or really any finance.
I agree that as a potential customer my main interest is about credit card theft/abuse.
(This does make me wonder if they are mis-marketting focusing on privacy, instead of controlling damange of credit card theft, and sketchy merchants who charge you reoccurring charges you didn't realize/have trouble canceling, etc. That's my interest).
Also fraud detection systems will often track the type of purchases associated with a particular card number, to detect anomalies. So I suppose your privacy is somewhat protected from that, but the e-commerce sites probably already know who you are.
What were the most important changes from the networks in banks that precipitated this?
Requiring an SSN is an important change. Did prior requirements not do enough to prevent abuse of their services?
It sounds like most people aren't aware, but recently merchants have been coming down hard on privacy.com. I've almost given up using it. Hetzner and GCP are the most problematic, but I've seen it elsewhere too.
I'm not happy about having to reissue, but I will be happy if this forces vendors to take my privacy.com card.
(Everyone else is complaining, so I thought I'd at least try to balance it out a little.)
EDIT: Well, never mind. Apparently their new cards are still getting rejected. https://news.ycombinator.com/item?id=29438181
I was really excited...
I posted this here originally, and wow this blew up, I think we've actually spoken over email as I was one of the earliest users of privacy. I've been using it for many years and abjectly love the service.
I don't object to you reissuing cards. Like I mentioned in my other comment, I actually see a lot of positives (no more prepaid issues!), however, only giving people 30 days to update their cards in dozens (I literally have 81 open privacy cards) is "not fun" and up until now, using your service has been smooth, painless and something which this change (mostly the timing of it) just completely deflated.
I updated like 4 or 5 cards so far, each one took me 5-10 minutes, on the outside I'm looking at (worst case) 13 hours of work I have to fit into the month of December (which with the holidays and year end biz items, is already the busiest).
Yesterday, your service was just a dream to use, today it is a burden I have to find hours of time to fix.
Sorry, I do truly love privacy and didn't post this to hurt you or privacy, but I hope you can extend the deadline.
Best of luck to you and all of the privacy team.
I suggested to support that if someone is able to log in, pass 2fa, that should be enough to prove it's not fraudulent. I don't think support ever responded to my suggestions.
Thank You
I've been with y'all since the very early days.
I have no idea how you all make money but I hope you all are around for many years to come.
Wrapping up something that amounts to extra work for me in bubbly language is kind of infuriating but in keeping with a couple of my experiences with them.
I'm not sure if I'll continue as a user given my existing unease with how I feel their existing pitch and documentation are misleading.
I appreciate the service but I'm not sure it's worth it to me to switch the cards I have given the my other experiences.
https://news.ycombinator.com/item?id=28247788#28248539
While some normal credit cards theoretically offer temporary/limited cards as a service, the software/support is so bad I've never been able to make it work with my existing cards.
Have HN'ers (without any financial relationships to the company!) used it? Any reviews? Any downsides?
As a side note, the integration with 1password (whom I have worked for but no longer) is just :chef_kiss: You can create a privacy card from the merchant’s checking form and it gets saved in 1Password.
I know this is not allowed in the USA.