In the age of social media, oversharing and ever more frequent data breaches, Privacy.com is aspiring to be the banking industry's "none of your business" app.
The startup, which has raised $1.2 million from investors including former White House Deputy Chief of Staff Jim Messina, aims to address consumer concerns about entrusting personal information to an endless parade of third parties at a time of escalating privacy and cybersecurity concerns. Led by a team of financial services veterans and young techies, the company also says its app can indirectly help retailers by reducing the amount of sensitive data they have to collect and safeguard (and hence the potential fines from the card companies if such information gets compromised).
Even if it achieves those laudable goals, it remains to be seen whether Privacy.com can make money doing so. Its revenue model, which relies on taking a cut of the interchange fees on transactions rather than charging consumers, will depend on achieving a critical mass of regular users.
Still, the company, which plans to launch Tuesday at the Money2020 conference in Las Vegas, represents the first mainstream attempt to build a business explicitly around transactional privacy in the era of Edward Snowden and Ashley Madison.
"Everything you do online can be tracked and more than likely will be tracked. People are starting to understand the implications of this," said Boling Jiang, Privacy.com's chief executive. "This is kind of a reset in the default state of humanity. Everything we do offline, as long as it's not recorded, is fleeting … whereas everything you do online is by default tracked and will be used."
Burner Card Numbers
The service works by inserting itself between the consumer's bank and the merchant. First, Privacy.com collects basic user information required by know-your-customer regulations – name, address, and date of birth – along with an email address, and a credit or debit card or bank account number to fund the account. It runs the name through the Office of Foreign Assets Control sanctions lists, and verifies the user is who he says he is with the help of authentication services like IDology and Plaid.com.
Once signed up, a Privacy.com user can shop online without typing in his or her payment credentials. At checkout, a browser plugin or mobile app generates a one-time "virtual prepaid card" number with a made-up cardholder name that is good only for that transaction. (The Visa-branded "card" is issued by Privacy.com's partner bank, the $7.6 billion-asset Customers Bank, based in Phoenixville, Pa.) Privacy.com appears as the consumer of record to the merchant and as the merchant of record to the consumer's bank or card issuer.
This setup has several advantages. For starters, the purchase shows up as "Privacy.com" on the consumer's card or bank statement, an arrangement that might preserve domestic tranquility for married couples. Moreover, if the merchant is breached and the card number is stolen, it is useless anywhere else.
For recurring payments like a Netflix subscription, Privacy.com also offers merchant-specific numbers that are useless at any other retailer. If a thief tried to use such a number at another store, it would tip off Privacy.com about the breach, perhaps before the merchant or card network figured out something was amiss.
The one-time and merchant-specific numbers are similar to the tokenization offered by Apple Pay and EMV chip cards. Jiang said those technologies work for in-store transactions, but "one of the side effects here is that a lot of fraud is going to get driven online and you don't really have a tokenization solution for online transactions. The user's still entering in a [card number], the same for every transaction online. That's pretty terrible."
"They don't have to form a lifelong relationship with somebody, or even be marketed to after they're dead, because they bought something online," said Andy Roth, Privacy.com's chairman and a former chief privacy officer at American Express.
Of course, while Privacy.com promises not to share users' information for commercial purposes, consumers must trust it to protect their data.
Jason Kruse, the company's chief technologist, said the company is compliant with the Payment Card Industry standards for service providers, which are more stringent than the minimum requirements for merchants. Privacy.com is also audited by its bank and processor, he said, and no single person can access the sensitive data on the server, which requires multiple keys to decrypt, like the nuclear launch codes in "Wargames."
"This is what we think about 24/7," Jiang said, drawing a contrast to retailers that specialize in flogging merchandise rather than securing data. "If your mentality is 'security is a cost center, and we're going to do everything we can to minimize that cost, and fine, we'll take the fees if we ever get breached' then of course you're going to have terrible security. For us, it's core to our brand, core to what we do."
Those bogus cardholder names, which the consumer can choose to fill in, will also present a challenge since they might set off false positives at merchants' antifraud filters. Although Privacy.com controls the address verification system and has ultimate say over whether to accept or reject transactions, "we have an education issue with the user," Jiang said. "We have to be like, 'use a sane name. You don't have to use your real name, but don't use something totally crazy.'"
And the revenue model may be tricky. Privacy.com's service is free for the consumer; it splits the interchange revenue on the virtual prepaid card with Customers Bank. But it must pay fees on the underlying credit or debit card or automated clearing house transaction. High-end cards for big spenders, which carry the highest interchange rates, would be unprofitable for the company to handle.
"If they let me fund an account with my Amex or Visa Signature Preferred credit card they'd lose revenue on every payment," said Eric Grover, a payments industry consultant at Intrepid Ventures.
Jiang said the company plans to allow users to fund their initial purchases with credit cards and treat the expense as a customer acquisition cost. "Long term, for us to be profitable, our customers, more likely than not, have to be funding these with bank accounts," he said. (ACH costs less than interchange on credit, debit or prepaid cards). After the first few hundred dollars, he said, Privacy.com may charge a fee of around 3% for a user to continue funding with a high-interchange card on the back end.
"We're a startup," added Roth. "We want to get traction. We want to get people to love using our product." To that end, it has tried to make the user experience simple and fun. Other online privacy tools, like email encryption or the anonymizing Tor browser (not to mention the pseudonymous currency Bitcoin) have struggled to catch on because they were difficult to use, Jiang said.
A Diverse Team
Jiang, 26, and Kruse, 27, have a typical startup founder story. As high school classmates in Kansas they started an early cloud storage service, which amassed some 100,000 users. They sold it for "way less than we should have," Jiang said, but the proceeds helped pay college tuition. More recently, Jiang dabbled in cryptocurrency, while Kruse learned the nuts and bolts of ACH at Expensify, the expense reporting service.
Roth, 43, is also a partner at the international law firm Dentons, where he is co-chair of the global privacy and cybersecurity practice. He brought in Washington insider Messina, who was an early advisor to Uber and AirBnb, as an investor and board member.
"We have this blend of the industry people and also the young people coming in to disrupt the industry," Roth said.
Grover, the payments consultant, is skeptical about the service's appeal. Privacy concerns "in my experience are more acute in theory than in practice," he said."The overwhelming majority of consumers quite readily share all sorts of personal information with third parties for modest incentives. … Consider the highly personal information many consumers readily share with the world on Facebook."
But Roth – noting recent events like the European Court of Justice striking down a safe harbor for U.S. companies that transmit personal data from the European Union to the United States, and Apple CEO Tim Cook declaring privacy "a fundamental human right" – argues that the tide is turning, even among millennials.
"There's a shift from social to antisocial," Roth said. "Young people are not as interested in sharing everything as people think."