this post was submitted on 15 Jul 2024
What I use for such sites is a frozen card which I only unfreeze after setting a limit for my exact purchase amount. Pay, freeze again for the next time.
My bank will assign cards to specific accounts and only draw payments with that card from that account. And they let you make multiple cards and multiple accounts, naturally.
So for me the easy solution is to simply not keep money in that account (because it's a debit account and will simply refuse payments when there's no money).
The other simple solution is the fact that the bank also lists the tokens currently associated with each card, and lets you remove them. Once the token is gone the website has to ask for explicit permission again.
For those not familiar, nowadays websites can no longer store actual CC details (it's a huge compliance violation) and in fact they never even get to see the CC details anymore. You enter the CC details on the processor's page (which is a separate entity), they send them to your bank, the bank verifies them, asks for a 2FA confirmation from you, and if everything checks out they issue a token to the website.
The token can be good for a one time payment, or for recurring payments. If it's a recurring token my bank will list it next to the card involved and let me revoke it. The website can use the token for as long as it's still listed – if I delete it they have to ask for a new one.
I suspect that this is the main shortcoming of Revolut's one-time cards, they issue one-time tokens (naturally) and it's easy for the website to see that it's not a recurring one.
Edit: I should also mention that in the EU this token mechanism is NOT used for utilities. For utilities (and for other EU recurring payments) there's a similar but explicitly separate mechanism called SEPA. It's similar in the sense you can set up the payments and you see them listed next to your account, you can revoke them at any time, they also use a tokenization system, but they draw directly from an account, there's no CC involved and no CC processors, it's a system that works directly between EU banks.