Is Privacy.com Safe? An Overview of Privacy’s Security Practices
As a financial company, Privacy.com is subject to various compliance obligations pertaining to identity verification, security, and payments. Among those requirements is PCI compliance.
What is PCI compliance?
PCI compliance an industry standard that applies to all entities that handle certain card data. PCI compliance applies to all payment processors, merchants, financial apps, and any other service that uses or stores certain card information.
We know that trusting a website or app with your financial information can feel daunting. With so many reports of data leaks, fraud, and other financial crimes, it’s natural to second guess who you can trust with your sensitive data. In fact, that’s the reason why Privacy was created — to protect consumers online and allow them to shield their true financial information from online merchants. Data security and privacy best practices are at the core of everything we do.
Is Privacy.com safe? An overview:
Although there is always an inherent risk in sharing sensitive information online, Privacy is safe to use because we are compliant with PCI DSS and other generally accepted industry security standards.
In this article, we’ll explore the practices we follow at Privacy to keep your information safe, dive into what it means to be PCI compliant, and discuss how you can use our product to secure your online payments. We’ll answer the following:
- What is Privacy.com?
- Is Privacy.com safe?
- How does Privacy.com work?
- What is Privacy.com used for?
What is Privacy.com?
Privacy.com is a secure payment service that helps users shop safely online by allowing them to generate unique virtual card numbers. Privacy’s core product is free to use for domestic transactions because, like other card companies, we collect transaction fees from merchants.
With Privacy Cards, users can:
- Take complete control of their spending
Users can set customizable spending limits to prevent overcharging and block hidden fees. This feature is perfect for managing subscriptions and recurring expenses. If a transaction goes over the limit, it is automatically declined. Users can also easily pause, unpause, and close Privacy Cards with one push of a button.
- Save time at checkout
Users can download the Privacy browser extension to generate and auto-fill unique, secure card numbers at checkout in just one click. Skip having to track down your purse or wallet and manually enter in card numbers. The browser extension is available for Chrome and Firefox.
- Create Merchant-Locked or Single-Use Cards
Privacy Cards automatically “lock” to the first merchant they’re used with. So, if the merchant is compromised at any point, that particular card number can never be used anywhere else. Users can also create one-time-use cards that automatically close after the first transaction.
- Create virtual cards on the go and leverage real time monitoring
Privacy’s mobile app allows users to create and use cards at any time. With real-time notifications, Privacy alerts users whenever a Privacy Card is authorized or declined, enabling close monitoring of spending activity. If you’re questioning, is the Privacy app safe? We’ll go into more detail in the following section.
Is Privacy.com safe?
Yes! Privacy.com has the same safety and security standards as a typical bank. We’re held to the same rigorous criteria regarding data protection and compliance with payment industry standards, including PCI DSS.
Sensitive data is fully encrypted and never sold per our Privacy Policy. Data in transit to Privacy.com is always encrypted with industry standard TLS 1.2. Data at rest is encrypted with AES-256 at the application layer with encryption keys stored only in memory, on single-tenant hardware, within private networks, and firewalled with deny by default rules that block any inbound traffic that is not permitted. We participate in annual PCI and SOC 2 compliance audits, which are conducted by a qualified outside firm.
In addition to the rigid internal security benchmarks we adhere to, our product has several additional customer protections built in, including merchant-locking features, transaction notifications, and card editing settings. Although we ask users to connect a checking account, we are only able to access it through a secure tokenization process which we describe below. Plus, we enable and encourage all Privacy users to set up Two-Factor Authentication, or 2FA, once they’ve signed up to protect themselves from malicious outside parties.
To better answer your question—is Privacy.com safe?—We dive into a more comprehensive overview of PCI DSS and SOC 2 compliance obligations and security practices below.
What is PCI DSS compliance?
PCI DSS is short for Payment Card Industry Data Security Standard, sometimes called PCI Data Security Standard. This standard applies to all organizations that process, transmit, or store certain cardholder information. While there’s no law that states merchants and other companies handling cardholder data must be PCI compliant, the card networks including Visa, Mastercard, and AMEX require it.
Put simply, PCI DSS compliance aims to protect consumer data by averting security breaches. The PCI Security Standards Council has outlined twelve PCI compliance requirements that institutions must uphold to remain in good standing with the card networks. These criteria include:
- Install and maintain a firewall configuration to protect cardholder data
- Change vendor-supplied default passwords and security settings
- Protect stored cardholder data
- Encrypt cardholder data when transmitting it across open public networks
- Use and regularly update antivirus software
- Develop and maintain secure systems and processes
- Restrict access to cardholder data to a need-to-know basis
- Assign unique IDs to everybody with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to networks and cardholder data
- Regularly test systems and processes
- Maintain a policy that addresses information security
Key Terms to Know
- A “firewall” is a computer network security system that restricts access to a network. Firewalls are designed to thwart cyber threats and prevent access to sensitive data.
- “Cardholder data” refers to any personally identifiable information (PII) of someone who owns a credit or debit card. This PII includes the cardholder's name, primary account number (PAN), expiration date, or CVV code.
- Restricting access to data on a “need-to-know basis” means sensitive information is only accessible to a select group of people.
- “Encrypting” data refers to information being transmitted via secret code that only authorized parties can decipher.
At Privacy, we have teams of personnel that work to ensure we are PCI compliant year-round. Safeguarding your data and remaining compliant with all relevant regulations is our top priority.
SOC 2 Type II Compliance
SOC 2 Type II applies to all technology service providers that store, transmit, or process data. Similar to PCI DSS, SOC 2 Type II compliance also outlines how customer data should be managed and the operating effectiveness.
Certification standards are set by the American Institute of CPAs (AICPA) and indicate that an organization handles data safely and with integrity. This compliance standard is based on five trust services criteria: security, availability, progressing integrity, confidentiality, and privacy. As defined by AICPA, these mean:
- Security. Ensuring protection of systems and information from unauthorized access and damage that could compromise any of the below terms and prevent the entity from meeting its objectives.
- Availability. Ensuring customers and employees can access the services in accordance with the company’s terms of service.
- Processing Integrity. Demonstrating complete accuracy, timeliness, and responsibility in handling and storing transaction data.
- Confidentiality. Proving that sensitive customer data, including PII, is safely handled, stored, and shared.
- Privacy. Ensuring customer data is collected, stored, and disclosed in accordance with the organization’s privacy policy.
SOC 2 Type II certification demonstrates that an organization strictly adheres to security and compliance policies, standards, and procedures. Our security, compliance, engineering and operations teams at Privacy constantly monitor our systems and policies to ensure we remain SOC 2 Type II compliant. We also undergo regular audits performed by outside firms for both PCI and SOC 2 Type II compliance.
Privacy Account Security Features
We offer our Privacy users additional security benefits and privacy guarantees to keep their accounts safe.
- Privacy supports Two-Factor Authentication (2FA) and other security apps that use Time-based One-Time Password (TOTP), like Google Authenticator or 1Password.
- Privacy does not obtain or store your bank login information. When you connect your bank account through Plaid, we never receive your login information; rather, we receive a token from your bank that permits us to pull funds from your account whenever you make a purchase on a Privacy Card.
- Fraud protections: Privacy takes unauthorized claims seriously and we work to resolve fraud reports in a similar manner to your bank or other financial services provider.
For a detailed overview of Privacy’s security practices, please refer to our Security policies.
How does Privacy.com work?
Privacy.com allows users to generate unique virtual card numbers for online merchants. Users can create Single-Use Cards that close after the first use or Merchant-Locked Cards for websites they transact with regularly.
To use Privacy, you must first create an account, confirm your information, connect your checking account, and agree to our Terms. Then, you will be able to create Privacy Cards and use them to checkout online at your favorite merchants. Privacy automatically debits your connected funding source any time you make a purchase with a Privacy Card.
For more information on how to use Privacy.com, we recommend reviewing our Help Center articles.
What is Privacy.com used for?
Privacy.com is used to make secure online payments with masked card numbers. Our customers shop more safely and privately using randomly-generated virtual card numbers instead of their real debit card or credit card numbers.
You can also pause or close a Privacy Card at any time for an additional layer of security. Think about the instances in which you regret giving a company your card information. By using a Privacy Card instead, you can prevent a merchant from charging you for amounts you haven’t agreed to.
Personal and business users alike enjoy the level of control and privacy our virtual cards and spending tools offer. We highlight some of the most common reasons people use Privacy below:
For online shopping
Think about all the websites you provide your card information to while shopping online, and the number of merchants you want to buy from but don’t entirely trust. One breach can expose your card information and rack up fraudulent charges on your account. Many of our users check out with Privacy Cards to protect themselves in the event of a breach, knowing that our merchant-locked and single-use cards can’t be used at unauthorized merchants.
For subscriptions / bill pay
Lots of users link a Privacy Card to their subscription-based merchants like Chewy, Spotify, and Netflix, as well as internet and cell service providers, to exercise greater control over their recurring spend. Users set daily, monthly, or yearly spending limits to ensure a merchant doesn’t debit more than the subscription amount or monthly bill and to protect against hidden fees.
For business management
Privacy Cards are excellent tools for small businesses to keep track of their budgets and expenses. We see many businesses leverage Privacy to assign cards to vendors, share cards with trusted employees, get real-time transaction notifications, and download monthly statements that plug into their accounting software.
For managing children’s spending
Parents can assign Privacy Cards to their child’s gaming and shopping accounts, making it easy to manage their spending. Parents can pause or adjust limits on their children's Privacy Cards at any time and get notified each time a purchase is made. Plus, because Privacy Cards lock to the first merchant they’re used at, our users can share Privacy Cards with friends and family members knowing that those cards can’t be stolen and used at other merchants.
Looking for more ways to enhance your privacy while shopping online? Pay with Privacy Cards to start masking your real card information while feeling confident that your data is safe.