A newspaper article on privacy mentioned Lithic (formerly Privacy.com but still using that domain name). They issue one-time credit card numbers that forward charges to your actual credit card or bank account, up to 12 numbers per month. You can set per-transaction pending limits. All of this for free.
They also have pay options with enhanced customer service, more cards.
But how do these guys make money on the free plan? And how much of my privacy am I giving up by entrusting my privacy to them?
After a quick look at their website a thoughts come to mind. There isn’t a lot new in terms of the pitch and where they want to go.
Only the basic service is free. But it offers a lot of what most people want. If you want to hide your porn site subscription you need to buy the $10 a month subscription.
There is the usual aphorism, if the service is free, it is you that is the product.
Here the business plan would appear to be first mover in replacing basic credit card numbers with a better system where transactions are tagged with single use tokens. The actual credit card companies remain in the loop, and so actually benefit.
Lithic is offering an API for large vendors to tie into the ecosystem. The more basic customers Lithic have, the more compelling their corporate level offering becomes. So free accounts is building their core long term value as the dominant first mover in the business. They are no doubt bleeding money right now trying to run fast enough to establish themselves. If they get it right they may be the next big thing in overnight billion dollar companies.
One of my credit cards used to offer this service directly, but a few years ago discontinued it. Well, shit. The whole reason I got a credit card from that bank was for their virtual one-shot credit card service.
I have been looking for other banks that offer a credit card with the same service, without success. I asked about it on this board. Someone suggested Citi. But when I inquired there, I found that they had just recently discontinued it too. This was a couple of years ago.
So, was this once a thing that some banks offered, and suddenly they all quit? Why would that have happened?
I saw the same article OP refers to, or one similar. It’s an important service to have in this world of on-line commerce. But I’d have preferred to keep it between me and my credit card issuer, rather than get a little-known third party in the mix.
I have Capital One. This is from an email that I recently received–
“Virtual card numbers from Eno, your Capital One assistant, help keep your credit card account more secure when shopping online from a desktop browser. When you go to check out, Eno will generate a merchant-specific virtual card number for you to use—keeping your actual card number hidden.”
It’s a browser extension. I haven’t actually tried it, so I can’t vouch for the process.
I have been using Capital One (their Venture credit card, 2% on everything) for many years, and their Eno/virtual credit card number system for 3+ years - no issues at all. Even though there may be other cards/banks with better perks, I’ll stick around with Capital One for awhile mostly because of this feature.
I have created easily 4 dozen virtual numbers, and there seems to be no limit (there probably IS a limit, but it’s beyond my reach).
Payola? Maybe Lithic negotiated deals with the various banks to be the exclusive provider of this kind of service. Though usually it seems like the opposite happens. Some scrappy upstart forges a new business and when it becomes successful the big players implement their own version and put the upstart out of business. That could still happen (getting Sherlocked) but usually only after mainstream adoption has been achieved and the risk is mitigated.
When I signed up they said I needed to apply for credit at a bank (I forget which one). I think the way this works is that they have some deal with the bank to process the virtual credit card numbers, and they transfer funds from your bank account to pay the bill, similar to transfers in Venmo and PayPal. So they only deal with one bank for the sale transaction end.
What kind of negotiation leverage would they have to get a lock on this? Such an agreement might also be dicey from an anti-trust standpoint.
I’ve also been using Privacy for a year or two. I haven’t had any problem with them and use the free plan since I don’t use them all that often. But I do like the extra layer of security if dealing with unknown or potentially sketchy vendor sites. Not something that comes up often but that’s why the free plan works for me. I maybe use it 3-4 times a year.
When I signed up, my bank wasn’t on the list to select but they had a field to request it and they added my bank within a day or two. I’d guess that their list is more comprehensive by now.
I assumed they kept the lights on through subscription plans for heavier users and transaction fees from the vendors, much like standard credit card issuers.
That was me. Despite what they told you, they do still offer a virtual card service; I used it to make an online purchase last month. However, according to their website, this service is only available with “select” cards, and they don’t say which ones have it.
In any case, I wouldn’t recommend signing up for a Citi card just to get the the virtual card thing. Citi could drop it, like they’ve dropped other useful services (such as rental car insurance), and Lithic sounds like a good alternative.
I wonder if we’re approaching the point where credit card numbers run out. As I understand it, they vary in length and structure, but a typical length would be 16 digits. Very often, the first four of these cannot be chosen freely but are rather predetermined by the issuer. At the end you usually have a check digit. That would leave 1e11 available unique numbers, which is 100 billion. Sounds like a lot, but since credit card numbers are (I suppose) not recycled, I could imagine that one-time-use numbers for just one transaction could get us to the point where numbers run out and will have to be recycled after all. Anyone here from the industry who could share knowledge whether this is an issue?
Plus the additional 3-digit code (CVC?) which seems required everywhere these days.
Edit: I don’t know if there are any multiple uses of the same base CC number with differing CVCs. But it does show that adding longer numbers should be pretty trivial if it was ever needed.
I actually just saw a sales blurb for Privacy (sponsored a Linus Tech Tips video on Youtube) and they included the line “Since they make their money from merchants, there’s no cost to you”.
This was in the back of my mind. It would also account for some merchants rejecting their cards. Merchant fees are rubbery, and the subject of ongoing argument and negotiation. Witness the recent spat between Visa and Amazon. Many merchants have fat enough margins that they don’t really notice small fractions of a percent differences in charges. If they take Amex, Visa, Mastercard, you an be sure they are already eating varying charges on the transaction anyway. Lithic isn’t carrying any risk for the transaction, nor are they providing the billing infrastructure or all the other heavy lifting. So the fee is going to have to be very small. They may well just add very slim margin to the merchant charge that most merchants don’t care or notice. It would need to be within very thin bounds.
There is never any such thing as a free lunch, so you will pay eventually. But if Lithic can squeeze themselves into the gap and make money, they may buy themselves enough wiggle room to make the business work. But by itself I can’t see it making for a long term business. They seem to be trying to position themselves to be something businesses embrace, not a cost impost.