Payment information is a particularly important kind of personal information. It’s likely that you do more credit and debit transactions online than you do in person. If you’d like to have an extra layer of security on your payment and banking information, you can use Privacy Cards to keep your card number from being exposed every time you use it. They also have great features for controlling spending or stopping unwanted charges. In today’s blog post, we’ll look at some of the basics of how the technology works, what makes it more secure, and a few popular ways of using it.
Protecting yourself from someone else’s data breaches
One of the trickiest aspects of security is protecting your personally identifying and sensitive information while you still have to use that information as part of a transaction. When companies are in the news for leaking customer data, it’s often because an attacker has pulled off a digital heist of payment information. Since it was used to make payments with the company, that means that it may be able to be used for fraudulent charges in the future.
At the very least, information like your name, address, or credit card number could guide unsavory actors to more information about you and more ways to invade your privacy. All of that personal data could be used as a way of gaining access to your work credentials or impersonating you, which could put your whole organization at risk.
Security through obscurity?
These days, obscurity isn’t highly regarded as a security strategy. Information—like your bank account number or address—can stay hidden for a certain amount of time, but once the cat’s out of the bag, it’s out. For instance, after a few breaches, most of our social security numbers are virtually public record now; they’re not a great way to authenticate someone for this reason.
Cybersecurity experts have moved on to segmentation instead: give people just enough information or access to get done what needs to get done. One way to do that is to generate new information for every transaction, or every class of transaction. That’s where Privacy Cards come in: you can generate a new credit card for every transaction and each merchant that you use the card at.
Privacy Cards
Generating new credit cards for every transaction or service that you subscribe to means that the card that you use isn’t the card that’s tied directly to your bank account. In the middle of your transaction is Privacy.com, with whom you set up a Privacy Card. Think of Privacy.com as a bank that keeps your money in very small accounts, each with their own unique card number. Their cards are PCI-DSS compliant and should work anywhere that you can use a virtual card—a credit card that isn’t a physical card.
When you use one of those cards, it gets “locked” to the store or service you are paying, and cannot be used with another merchant. Because of this, leaking the card number doesn’t mean that your account can be used in a future fraudulent use unless it’s with the same seller. If you make a card for your Netflix account, it can only be used with Netflix as the merchant.
Online identity protection
Privacy.com can be used to obscure purchases and make it more difficult to track you. An important example is when you are registering a domain name for your website. Some registrars provide “WHOIS protection” for your identity, but if you don’t have that protection, the fact that you own your website (along with your name and location) is public information. It can be an easy way for someone who doesn’t like what you publish to start a harassment campaign against you.
Privacy Cards make it possible for the registrar to not have your information to leak in the first place; the registrar can’t publish it on accident, or because you didn’t pay for that protection, and they can’t lose your real data in a data breach. You can do this by using an alias and not-so-accurate address on your privacy card, which you configure in their online dashboard.
Stopping unwanted payments to services
It might be more common for people to use Privacy Cards to reign in unwanted or changing subscriptions. If you periodically rotate through streaming services to find new shows to watch on other platforms, you can use Privacy Cards to set a limit on how much money can be charged by one service. This makes it so that hidden charges or misleading trial periods are no problem, since you can’t be charged more than what you’ve set. If you decide to keep the service after the trial, you can raise the limit on the Privacy Card from their online dashboard.
If this all sounds kind of, well, interesting from a legal standpoint, it kind of is. Privacy.com is mandated to do their due diligence on shady practices and money laundering, just like a bank is. As I mentioned above, it’s best to think of them as another bank, but they don’t provide access to your main account. They’ve been a reputable player in this space for a while, but all of this requires a lot of trust in them. On the other hand, buying from online sellers and handing over your payment information is a lot of trust to give too…
-Written by Derek Jeppsen on Behalf of Sean Goss and Crown Computers Team