this post was submitted on 15 Jul 2024
39 points (97.6% liked)

Privacy

31775 readers
332 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Is there something similar to privacy.com in Europe so I don’t have to enter my credit card information everywhere? Or another way to buy stuff online privately on many different stores and websites?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 3 months ago* (last edited 3 months ago)

My bank will assign cards to specific accounts and only draw payments with that card from that account. And they let you make multiple cards and multiple accounts, naturally.

So for me the easy solution is to simply not keep money in that account (because it's a debit account and will simply refuse payments when there's no money).

The other simple solution is the fact that the bank also lists the tokens currently associated with each card, and lets you remove them. Once the token is gone the website has to ask for explicit permission again.

For those not familiar, nowadays websites can no longer store actual CC details (it's a huge compliance violation) and in fact they never even get to see the CC details anymore. You enter the CC details on the processor's page (which is a separate entity), they send them to your bank, the bank verifies them, asks for a 2FA confirmation from you, and if everything checks out they issue a token to the website.

The token can be good for a one time payment, or for recurring payments. If it's a recurring token my bank will list it next to the card involved and let me revoke it. The website can use the token for as long as it's still listed – if I delete it they have to ask for a new one.

I suspect that this is the main shortcoming of Revolut's one-time cards, they issue one-time tokens (naturally) and it's easy for the website to see that it's not a recurring one.

Edit: I should also mention that in the EU this token mechanism is NOT used for utilities. For utilities (and for other EU recurring payments) there's a similar but explicitly separate mechanism called SEPA. It's similar in the sense you can set up the payments and you see them listed next to your account, you can revoke them at any time, they also use a tokenization system, but they draw directly from an account, there's no CC involved and no CC processors, it's a system that works directly between EU banks.