Real World Save

This morning I woke up to a real-life “save”. Had I not been using I would have had to call my credit card company for a new card, then update my card number with a bunch of merchants. With, however, I didn’t have to do much of anything.

If you’re unfamiliar with, it is a virtual credit card service. Privacy allows you to create credit cards (whose charges are debited from your bank account) for use with online merchants. If a merchant loses your card number or it is intercepted in transit, you are still protected because that merchant is the only entity that can place a charge against the card. Privacy also allows you to set very flexible spend-limits per card and has a number of other excellent security features. For more information you can read my review here. I have used for approximately three years, and

My Save

I have used for approximately three years, and I like the confidence in knowing if my credit card number were stolen, it wouldn’t really impact me. This confidence has been largely academic because I’ve never, to my knowledge, had a card spilled since using Until yesterday.

I woke up this morning to see a “declined transaction notification” in my inbox. The real merchant associated with this card is a fairly small specialty store through which I occasionally make purchases. Obviously, because of Privacy’s rules, I can only use the card with this one merchant. The charge was for $0.00, but this was likely a test to verify the validity of the card.

Note: I’m not going to reveal the merchant’s name, both for my own privacy and because I don’t know definitively that they are at fault.

My Follow Up

I did make an effort to alert the merchant. I sent a polite email reading:

“Hey guys, I love what you do. [I have redacted a sentence here that could reveal the nature of the merchant for my own privacy].

I just wanted to give you a heads up that the credit card I use at [redacted] might have been compromised. My bank issues virtual credit cards, so I have a card that I have ONLY used with you guys. Last night someone tried to use it to make a charge at JCPenney. I’m happy to share more details if you need them.

Again, love what you do but thought you should know.”

The response, which came directly from the owner, was less than enthusiastic. I was told that there was no way the spillage occurred on their end. His response closed by telling me I should, “consider scanning the computer used with a current anti-virus program. . .” OK, man.

As I said earlier, I have used for approximately three years. I have spent tens of thousands of dollars through their service. I have committed a massive amount of my privacy to them. If you’re looking for total anonymity or the U.S. Government is a credible threat in your threat model, this probably isn’t the service for you. But if you want to meaningfully improve your security and enhance your personal privacy a bit, I can’t recommend more strongly.

Support Op-Sec on Patreon