Hi all - I’m one of the founders at Privacy. I’d like to provide more context on why we’re asking customers to reissue cards.
In an attempt to stay current with changes in card network and bank requirements, we spent the better part of this year investigating product adjustments and determined that changing our cards from prepaid debit to charge cards is the best option to preserve the customer experience. I recognize reissuing cards can be a pretty big inconvenience - this isn’t a decision we took lightly. The silver lining is that this should improve merchant acceptance and provide a better overall customer experience.
Functionally, cards will continue to operate exactly as they always have - no fees, no interest, no selling of your data, and no impact to your credit score.
Why force the change onto customers though? Most people understand the difference between a debit card and a credit card, and as someone who's had Privacy.com cards denied because it was a prepaid MC debit card and not a real CC, I've experienced what the problem was. But for merchants where the prepaid debit card works, why can I not continue using that card number there?
Privacy.com is a wonderful service, but it already automatically locks to the first merchant the card is used on. If it's already working for that merchant, Why do I have to change the card number? Use the credit card updater mechanism (the same mechanism for when a CC gets stolen but my Netflix keeps working and they get the new number somehow) for all merchants that support that - that should keep the customer load down.
I hear you on this. We’re really sorry for the inconvenience. Unfortunately, this wasn’t fully within our control. To stay compliant with our bank partner’s requirements and network rules we were forced to make this change to existing Visa cards too.
We did explore the card updater[1] and were hoping to be able to use it. Unfortunately it’s not a viable option due to technical limitations. If we could do the updating for you we absolutely would! If you have questions or there's anything we can help with, please reach out to support@privacy.com
Why couch this as an "Exciting Update,"[1] then? Why do none of the FAQ entries[2] answer the obvious question that everyone asked here (why deprecate existing cards, let alone in 3 weeks)?
When forced to by customers, you sort of answered it here, but without details or transparency. The Web site FAQ doesn't even do that much - the question that every single customer will ask isn't listed. Needing to update dozens of cards and merchants for zero benefit is not an "Exciting Update" and Privacy ends up sounding dishonest and, well, stupid for claiming that.
If you were forced to do this by a processing partner, then that's what the FAQ and customer-facing popup should say (and explain why and why your partner agreements allow that with only a few weeks of notice).
I went from being a customer and fan to believing that I can't trust Privacy's decisions nor that those decisions will be described transparently.
> but it already automatically locks to the first merchant the card is used on.
Just a minor correction: I'm able to use the same Privacy card for x merchant for any number of y merchants, so long as it stays under the charge limit I've set for that card.
So a privacy card you used for one merchant was denied by another merchant? And it wasn't due to them rejecting prepaid cards, setting your card to single-use, or setting too low of a dollar limit?
Not OP, but yep, my cards have been locked to the merchant.
I've only experienced this with Kickstarter and then a secondary payment collector (BackerKit, etc) where some extra charge had to be finalized, typically shipping or maybe I threw in some extra doodad, and then had it fail because that second charge wasn't technically the same merchant.
But this was fine and I was happy - working exactly as intended. I just created a new privacy card and updated payment.
I posted this here originally, and wow this blew up, I think we've actually spoken over email as I was one of the earliest users of privacy. I've been using it for many years and abjectly love the service.
I don't object to you reissuing cards. Like I mentioned in my other comment, I actually see a lot of positives (no more prepaid issues!), however, only giving people 30 days to update their cards in dozens (I literally have 81 open privacy cards) is "not fun" and up until now, using your service has been smooth, painless and something which this change (mostly the timing of it) just completely deflated.
I updated like 4 or 5 cards so far, each one took me 5-10 minutes, on the outside I'm looking at (worst case) 13 hours of work I have to fit into the month of December (which with the holidays and year end biz items, is already the busiest).
Yesterday, your service was just a dream to use, today it is a burden I have to find hours of time to fix.
Sorry, I do truly love privacy and didn't post this to hurt you or privacy, but I hope you can extend the deadline.
I have hundreds of cards! Why are you forcing me to do this?! I have no time! Honestly, I'd probably just move to my main card, which almost never changes! Tomorrow you may decide to do something again! I really don't have time to babysit this! You should grandfather all cards and allow customers to change them if they want, otherwise, they should be valid till their expiration date! You're asking us to do a lot of work during the holiday season - this is crazy, really!
I don't quite have hundreds of Privacy cards, but I have quite a few, and many for subscription services. Though I understand and welcome the core reason for the change, forcing users to do this migration in December—of all months—really necessitates a grim view of the value of our time and energy.
The pre-paid debit product was limited, but far from broken. This could and should have waited another month. And the news shouldn't break on HN.
I'm super sorry for the inconvenience and for the limited lead time. Unfortunately, this change wasn’t fully within our control and was required by our card partners.
You tried to sugarcoat this - to pretend like forcing customers to change dozens of cards in December was exciting - and in the process, lost all trust. You could have simply described the problem honestly and transparently.
There needs to be more transparency about how your partners forced you to this course of action and on this timeline, because this is going to seriously hurt your reputation and business. That sounds like an abusive partner, who doesn’t care about you. Or they make for a convenient scapegoat.
> why am I hearing about this over HN and not an official notification or email?
I logged in (to create a new card, so I could try out Oracle cloud), saw the notification and searched my email (saw nothing..) and searched HN (saw nothing..) then posted it.
I'm really kinda shocked I was the first, and, even more shocked it blew up as much as it did. I just checked back now (11 hours later -- it's been a busy day testing out that oracle cloud account, among other things) and this went crazy.
I agree with this. Not having to fiddle with changing cards was the main selling point that made me switch to Privacy, after my debit card was canceled 2 times in a month for “fraud” (it wasn’t -- they were legit purchases). I also have over a hundred cards, and subscribe to the paid plan. This is a huge inconvenience, especially given the short timeline and holidays. I wish this was handled better for older virtual cards.
Also, I haven’t received any email about this change.
I got the email yesterday. Those people live in ivory towers and probably don't use their own product! I have 4 weeks to move hundreds of cards, I'm a paying customer, and they just twist my arms to do this without actually thinking about making this easier for their clients! The prepaid status of the card was an issue, but when Divvy switched from MC to Visa, they had like 3+ months, when old cards worked, and you got the option to reissue them as Visa ones one by when at your convenience!
My main card changes all the time because it keeps getting somehow obtained by fraudsters, and then cancelled. I checked and this is true these days of many of my friends too.
It's definitely inconvenient when it does, especially when that involves updating a bunch of different accounts/vendors.
You do realize that people use Privacy for business too, right? And virtual cards are not limited to monthly payments. I have one for a local coffee shop that I occasionally do an online order for.
I didn't get an email about this, disappointing to find out first on HN. I assume there will be plenty of customers who just "miss" this and find out the hard way next month. Also 1 month notice during the holidays is really bad timing when you've had it available since early october.
It it possible to continue using Privacy.com without providing an SSN?
As I commented in a thread below, I had started using your service connected to a debit card via my credit union. Then was required to attach a bank account/routing number as the source for funding and didn't receive an adequate answer as to why (which is fine, but it's slower to process and it requires that I provide more sensitive information). I get that Privacy is obligated to gather certain financial information for regulatory purposes and fraud prevention, but it feels like I'm widening my attack surface providing that info.
Hi -- I'm the head of legal and compliance for Privacy.com. Unfortunately this is a bank partner requirement, otherwise we wouldn't ask.
We do take customer privacy and security very seriously, and have worked hard to have similar data security safeguards as larger companies like Square and Stripe (both places I've worked, so I would know!). You can read more about some of our security practices here. https://privacy.com/security
US law requires your bank to collect and verify your identity and crosscheck against a series of loste. It is part of the Patriot Act post 9/11. Unfortunately for most banks this means that they require an SSN. Technically an ID or ITIN should suffice.
I have a US bank account that I opened only using my passport and a US home address I live in. and I have a Privacy account. I don't have an SSN. Does that mean I'm locked out of Privacy come 2022?
There's obviously no requirement that you must be US citizen. The requirements are known as KYC -- know your customer -- and simply require a certain amount of due diligence. It means you've verified that the customer is who they say they are, and that the account is in their benefit and not someone else's. It's part of the wider AML framework -- anti-money laundering.
It sounds like Privacy is falling into KYC territory and is not able to farm it off to the host banks. But then any limitations around requiring SSN are due to their implementation, and not to the KYC requirements.
Somehow I’ve assumed every US citizen has an SSN. Are there obstacles you encounter from not having an SSN? What is the process for opening bank accounts or applying for loans?
My daughter had her SSN used when she was around 10, and I can't recall her ever needing her SSN as it's no longer required for things like medical insurance, etc.
fwiw you don't need to be a citizen to have an SSN, you just need to be legally resident.
I don't know if it's something you have to apply for, I was 20 when I moved to the US so my parent handled all the paperwork. Just wanted to float that SSN != citizenship.
> I get that Privacy is obligated to gather certain financial information for regulatory purposes and fraud prevention, but it feels like I'm widening my attack surface providing that info.
This feels like a "you always become what you once hated" situation. Privacy.com was supposed to keep our private data private. With this change there is no way to use Privacy.com without providing even more private data.
This really should have been a choice for users. Do you want privacy or better compatibility? Considering Privacy.com's userbase and their freaking name, I would guess many users would choose privacy over that extra functionality.
The name "privacy.com", while impressive as a domain name has always kind of confused me. As far as I'm concerned it's a service that protects against credit card theft, privacy unchanged.
With modern fraud prevention and financial regulation, we simply cannot expect actual privacy with payments or really any finance.
When I use a regular credit card to buy something, do Google/Facebook/etc end up being able to link the purchase to my identity to market to me etc? I figured that was the privacy part.
I agree that as a potential customer my main interest is about credit card theft/abuse.
(This does make me wonder if they are mis-marketting focusing on privacy, instead of controlling damange of credit card theft, and sketchy merchants who charge you reoccurring charges you didn't realize/have trouble canceling, etc. That's my interest).
I guess the non-secret parts of the card number can totally be cross referenced with others merchants you've shown the card, but an online purchase very often also has a name and address so your identity is already out the window.
Also fraud detection systems will often track the type of purchases associated with a particular card number, to detect anomalies. So I suppose your privacy is somewhat protected from that, but the e-commerce sites probably already know who you are.
First off let me start with how much I love your platform, I use it religiously. My experience has been great except for a few times it fell short and it's not something forgotten easily. My account has been suspended twice after trying to make purchases (both for under $50 purchases), one of them at a Ft Lauderdale pizza shop and the other was a online merchant. Both times I had to open support tickets and wait over 24 hours for support while I was locked out of my account. It turned out there's a blacklist of merchants that your not allowed to make purchases at but support couldn't give me the blacklist. So it's like a game of russian roulette if my account will get suspended for making purchases. Can you share any information on how this problem has been solved?
I suggested to support that if someone is able to log in, pass 2fa, that should be enough to prove it's not fraudulent. I don't think support ever responded to my suggestions.
This is a huge inconvenience, and dressing it up as an "Exciting Update" is Orwellian. I was a paying subscriber, but I'll be cancelling my subscription now.
I'd like to thank privacy.com for making this change.
It sounds like most people aren't aware, but recently merchants have been coming down hard on privacy.com. I've almost given up using it. Hetzner and GCP are the most problematic, but I've seen it elsewhere too.
I'm not happy about having to reissue, but I will be happy if this forces vendors to take my privacy.com card.
(Everyone else is complaining, so I thought I'd at least try to balance it out a little.)
Is this rolling out slowly, or did I join after this was already implemented for new cards? I see no cards on privacy.com/reissue and haven't gotten any notifications. I signed up in October.
They confirmed I signed up with the new thing. Thanks. You might want to add an FAQ entry to cover the situation where someone finds out about the change but doesn't know if it applies to them.
Also, it looks like we have to manually update them in 1Password. Out of hundreds of cards, I had only 5 listed for reussing. Why only 5?! Why not hundreds?
Agree that authentication should be table stakes, though I would argue that the actual mistake is that the MongoDB application/docker container was on a host/VM with a network interface on the public internet.
Privacy.com | Senior Site Reliability Engineer (SRE) / Product Manager (PM) | 110 - 160k USD / 0.01 - 0.3% | New York, NY | Full Time | Onsite / Remote
About Us
At Privacy.com we've reimagined the way consumers and businesses buy online by creating a one click checkout experience everywhere online - all while protecting our customers' financial information by making unique and ephemeral payment card numbers.
Roles
Senior Site Reliability Engineer (SRE)
As a Senior Site Reliability Engineer at Privacy.com, you’ll be responsible for real-time systems that move millions of dollars every day. An ideal candidate can design redundant, fault-tolerant systems in unpredictable environments that handle failures before they can affect customers. SREs combine engineering experience with architectural knowledge to automate processes and maintain uptime to scale the business.
As part of our team, you will collaborate with engineers, designers, and other stakeholders to ship new products. You’ll have the opportunity to improve our consumer card offering as well as our new card issuing API which enables developers to build new financial services products and issue cards programmatically more rapidly than ever before.
Privacy.com | Senior Site Reliability Engineer (SRE) / Data Scientist | 110 - 160k USD / 0.01 - 0.25% | New York, NY | Full Time | Onsite
About Us
At Privacy.com we've reimagined the way consumers and businesses buy online by creating a one click checkout experience everywhere online - all while protecting our customers' financial information by making unique and ephemeral payment card numbers.
We're a small venture-backed company looking to expand our team to keep pace with our growth. We're nimble, product-focused, and working on a multitude of interesting technical challenges across payment processing, fraud detection, scale, and predictive analytics.
Roles
Senior Site Reliability Engineer (SRE)
As a Senior Site Reliability Engineer at Privacy.com, you’ll be responsible for real-time systems that move millions of dollars every day. An ideal candidate can design redundant, fault-tolerant systems in unpredictable environments that handle failures before they can affect customers. SREs combine engineering experience with architectural knowledge to automate processes and maintain uptime to scale the business.
We’re looking for a thoughtful, curious, and resourceful data scientist to join as our first data hire. You’ll have the chance to analyze many facets of the product and company, as well as be on the ground floor of building a world-class data-driven organization as we scale from hundreds of millions of dollars in payment volume to billions. This is a cross functional role and you’ll work with various members of the team including operations, product/engineering, and marketing.
Privacy.com | Product Engineer / Full Stack Engineer | 110 - 160k USD / 0.01 - 0.25% | New York, NY | Full Time | Onsite
About Us
At Privacy.com we've reimagined the way consumers and businesses buy online by creating a one click checkout experience everywhere online - all while protecting our customers' financial information by making unique and ephemeral payment card numbers.
We're a small venture-backed company looking to expand our team to keep pace with our growth. We're nimble, product-focused, and working on a multitude of interesting technical challenges across payment processing, fraud detection, scale, and predictive analytics.
Roles
Product Engineer
As a Product Engineer at Privacy.com, you'll work at the intersection of design and engineering to build effective and delightful experiences. You have a strong desire to understand the needs of the user and enjoy collaborating with teams across the company on building and shipping products. You'll be working primarily with Javascript (AngularJS, React Native) and SASS/CSS on a variety of platforms including web, mobile and browser extensions.
As a full stack engineer at Privacy.com, you're just as comfortable working with Javascript promises as you are with multiprocessing in python. You'll have the opportunity to work on a variety of projects and languages, ranging from our browser extensions to our real-time financial transaction processing engine.
Privacy.com | Product Engineer / Full Stack Engineer | 110 - 160k USD / 0.01 - 0.25% | New York, NY | Full Time | Onsite
About Us
At Privacy.com we've reimagined the way consumers and businesses buy online by creating a one click checkout experience everywhere online - all while protecting our customers' financial information by making unique and ephemeral payment card numbers.
We're a small venture-backed company looking to expand our team to keep pace with our growth. We're nimble, product-focused, and working on a multitude of interesting technical challenges across payment processing, fraud detection, scale, and predictive analytics.
Roles
Product Engineer
As a Product Engineer at Privacy.com, you'll work at the intersection of design and engineering to build effective and delightful experiences. You have a strong desire to understand the needs of the user and enjoy collaborating with teams across the company on building and shipping products. You'll be working primarily with Javascript (AngularJS, React Native) and SASS/CSS on a variety of platforms including web, mobile and browser extensions.
As a full stack engineer at Privacy.com, you're just as comfortable working with Javascript promises as you are with multiprocessing in python. You'll have the opportunity to work on a variety of projects and languages, ranging from our browser extensions to our real-time financial transaction processing engine.
Privacy.com | Product Engineer / Full Stack Engineer | 110 - 160k USD / 0.01 - 0.25% | New York, NY | Full Time | Onsite
About Us
At Privacy.com we've reimagined the way consumers and businesses buy online by creating a one click checkout experience everywhere online - all while protecting our customers' financial information by making unique and ephemeral payment card numbers.
We're a small venture-backed company looking to expand our team to keep pace with our growth. We're nimble, product-focused, and working on a multitude of interesting technical challenges across payment processing, fraud detection, scale, and predictive analytics.
Roles
Product Engineer
As a Product Engineer at Privacy.com, you'll work at the intersection of design and engineering to build effective and delightful experiences. You have a strong desire to understand the needs of the user and enjoy collaborating with teams across the company on building and shipping products. You'll be working primarily with Javascript (AngularJS, React Native) and SASS/CSS on a variety of platforms including web, mobile and browser extensions.
As a full stack engineer at Privacy.com, you're just as comfortable working with Javascript promises as you are with multiprocessing in python. You'll have the opportunity to work on a variety of projects and languages, ranging from our browser extensions to our real-time financial transaction processing engine.
Privacy.com | Web lead / Full stack JS Engineer / Senior Frontend Engineer | FULL-TIME | New York, NY | ONSITE | $100k - $140k (USD), 0.1 - 1% equity
Come help us build and scale Privacy.com while continuing to delight our customers! In a year since launch, we've processed over $100 million in transactions.
About Us
We're a small, venture-backed company looking to expand our engineering team to keep pace with our growth. We're nimble, product-focused, and working on a multitude of interesting technical challenges across payment processing, fraud detection, scale, and predictive analytics.
Benefits / Office
- Medical/dental/vision coverage
- Snacks & stocked fridge and pantry
- Choose your own Apple equipment
- Commuter Benefits
- Flexible vacation policy; take time when you need it
- Office located in Chinatown
Privacy.com | Web lead / Full stack JS Engineer / Senior Frontend Engineer | FULL-TIME | New York, NY | ONSITE | $100k - $140k (USD), 0.1 - 1% equity
Come help us build and scale Privacy.com while continuing to delight our customers! In a year since launch, we've processed over $100 million in transactions.
About Us
We're a small, venture-backed company looking to expand our engineering team to keep pace with our growth. We're nimble, product-focused, and working on a multitude of interesting technical challenges across payment processing, fraud detection, scale, and predictive analytics.
Benefits / Office
- Medical/dental/vision coverage
- Snacks & stocked fridge and pantry
- Choose your own Apple equipment
- Commuter Benefits
- Flexible vacation policy; take time when you need it
- Office located in Chinatown
You guys are the best! I know already told you this privately, but for everyone else here, privacy.com saved me from fraud as well as 1000s of other people after I reported the attempt to the vendor. If you want to work on something awesome, you should look at privacy.com.
I have no affiliation with them other than as an extremely satisfied customer.
Holy crap, I've been looking for something (from a user's perspective) like this for ages. Not doing web stuff anymore so not applying but can't wait to check this out.
BoA has offered this as a feature called "ShopSafe" on their Mastercard since forever, but weirdly it's totally buried and is so neglected that you need to use a Flash app to generate new numbers.
PRIVACY.COM | NEW YORK (NYC) | $90-140K, 0.1 - 2% equity | ONSITE, FULL-TIME
We’ve built a secure way to pay online without giving away your personally identifiable information (PII) or credit card number. We’re a small team (12), moving millions in transaction volume, generating significant revenue, and backed by top-tier investors. As one of our early engineering hires, you’ll have the opportunity to make a impact on both the product and culture of the company.
Some things we’re working on now:
- Improving our fraud modeling and ML classifiers that detect anomalous behavior and prevent fraud
- Building out growth hooks, A/B testing and optimizing funnels
- Updates to our real-time Visa transaction processing system where requests must be responded to in milliseconds
What we’re looking for:
- Ability to write clear, maintainable, thoughtfully commented code
- Can-do mentality, with the willingness to wear a sysadmin or devops hat when necessary
- Proficiency with javascript preferred but not required (our stack is mostly js with some java, c++ and python)
- 2+ years of real-world experience shipping code
If this job piques your interest, drop us a line jobs@privacy.com!
In an attempt to stay current with changes in card network and bank requirements, we spent the better part of this year investigating product adjustments and determined that changing our cards from prepaid debit to charge cards is the best option to preserve the customer experience. I recognize reissuing cards can be a pretty big inconvenience - this isn’t a decision we took lightly. The silver lining is that this should improve merchant acceptance and provide a better overall customer experience.
Functionally, cards will continue to operate exactly as they always have - no fees, no interest, no selling of your data, and no impact to your credit score.