In the age of social media, oversharing and ever more frequent data breaches, Privacy.com is aspiring to be the banking industry's "none of your business" app.
The startup, which has raised $1.2 million from investors including former White House Deputy Chief of Staff Jim Messina, aims to address consumer concerns about entrusting personal information to an endless parade of third parties at a time of escalating privacy and cybersecurity concerns. Led by a team of financial services veterans and young techies, the company also says its app can indirectly help retailers by reducing the amount of sensitive data they have to collect and safeguard (and hence the potential fines from the card companies if such information gets compromised).
Even if it achieves those laudable goals, it remains to be seen whether Privacy.com can make money doing so. Its revenue model, which relies on taking a cut of the interchange fees on transactions rather than charging consumers, will depend on achieving a critical mass of regular users.
Still, the company, which plans to launch Tuesday at the Money2020 conference in Las Vegas, represents the first mainstream attempt to build a business explicitly around transactional privacy in the era of Edward Snowden and Ashley Madison.
"Everything you do online can be tracked and more than likely will be tracked. People are starting to understand the implications of this," said Boling Jiang, Privacy.com's chief executive. "This is kind of a reset in the default state of humanity. Everything we do offline, as long as it's not recorded, is fleeting … whereas everything you do online is by default tracked and will be used."
Burner Card Numbers
The service works by inserting itself between the consumer's bank and the merchant. First, Privacy.com collects basic user information required by know-your-customer regulations – name, address, and date of birth – along with an email address, and a credit or debit card or bank account number to fund the account. It runs the name through the Office of Foreign Assets Control sanctions lists, and verifies the user is who he says he is with the help of authentication services like IDology and Plaid.com.
Once signed up, a Privacy.com user can shop online without typing in his or her payment credentials. At checkout, a browser plugin or mobile app generates a one-time "virtual prepaid card" number with a made-up cardholder name that is good only for that transaction. (The Visa-branded "card" is issued by Privacy.com's partner bank, the $7.6 billion-asset Customers Bank, based in Phoenixville, Pa.) Privacy.com appears as the consumer of record to the merchant and as the merchant of record to the consumer's bank or card issuer.
This setup has several advantages. For starters, the purchase shows up as "Privacy.com" on the consumer's card or bank statement, an arrangement that might preserve domestic tranquility for married couples. Moreover, if the merchant is breached and the card number is stolen, it is useless anywhere else.
For recurring payments like a Netflix subscription, Privacy.com also offers merchant-specific numbers that are useless at any other retailer. If a thief tried to use such a number at another store, it would tip off Privacy.com about the breach, perhaps before the merchant or card network figured out something was amiss.
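The decline-and-alert behaviour described above for one-time and merchant-specific numbers, shown as an added example in Python (not Privacy.com's code). The class names, decision strings, merchant IDs and card identifiers are all constructed for illustration, and merchants are assumed to be identified by a stable ID.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class VirtualCard:
    number: str                      # constructed identifier, not a real card number
    kind: str                        # "single_use" or "merchant_locked"
    merchant: Optional[str] = None   # merchant the number is bound to
    used: bool = False

@dataclass
class Issuer:
    cards: dict = field(default_factory=dict)
    breach_alerts: list = field(default_factory=list)

    def issue(self, number, kind, merchant=None):
        self.cards[number] = VirtualCard(number, kind, merchant)

    def authorize(self, number, merchant):
        card = self.cards.get(number)
        if card is None:
            return "DECLINE_UNKNOWN_CARD"
        if card.kind == "single_use":
            if card.used:
                # A burned number is worthless wherever it is replayed.
                return "DECLINE_ALREADY_USED"
            card.used, card.merchant = True, merchant
            return "APPROVE"
        # Merchant-locked: bind on first use if not bound at issue time.
        if card.merchant is None:
            card.merchant = merchant
        if merchant != card.merchant:
            # The number was only ever given to card.merchant, so seeing it
            # elsewhere points at a leak on that merchant's side.
            self.breach_alerts.append(
                {"card": number, "suspected_source": card.merchant, "seen_at": merchant}
            )
            return "DECLINE_WRONG_MERCHANT"
        return "APPROVE"

def run_demo():
    issuer = Issuer()
    issuer.issue("VCARD-0001", "single_use")
    issuer.issue("VCARD-0002", "merchant_locked", "streaming-co")
    results = [
        issuer.authorize("VCARD-0001", "shop-a"),        # first use
        issuer.authorize("VCARD-0001", "shop-b"),        # stolen and replayed
        issuer.authorize("VCARD-0002", "streaming-co"),  # monthly renewal
        issuer.authorize("VCARD-0002", "shop-b"),        # stolen, tried elsewhere
    ]
    return results, issuer.breach_alerts
```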
The one-time and merchant-specific numbers are similar to the tokenization offered by Apple Pay and EMV chip cards. Jiang said those technologies work for in-store transactions, but "one of the side effects here is that a lot of fraud is going to get driven online and you don't really have a tokenization solution for online transactions. The user's still entering in a [card number], the same for every transaction online. That's pretty terrible."
"They don't have to form a lifelong relationship with somebody, or even be marketed to after they're dead, because they bought something online," said Andy Roth, Privacy.com's chairman and a former chief privacy officer at American Express.
Of course, while Privacy.com promises not to share users' information for commercial purposes, consumers must trust it to protect their data.
Jason Kruse, the company's chief technologist, said the company is compliant with the Payment Card Industry standards for service providers, which are more stringent than the minimum requirements for merchants. Privacy.com is also audited by its bank and processor, he said, and no single person can access the sensitive data on the server, which requires multiple keys to decrypt, like the nuclear launch codes in "WarGames."
"This is what we think about 24/7," Jiang said, drawing a contrast to retailers that specialize in flogging merchandise rather than securing data. "If your mentality is 'security is a cost center, and we're going to do everything we can to minimize that cost, and fine, we'll take the fees if we ever get breached' then of course you're going to have terrible security. For us, it's core to our brand, core to what we do."