by worble 1242 days ago
It's also frankly absurd that no such service exists for European customers. I've been looking the past few days for someone who does something like this and it's just not available, for what I can only assume are regulatory reasons.
6 comments

Revolut has single use credit cards as part of their offering. You can either choose to create a new one for each transaction (disposable card) or a virtual credit card that you can use more than once but discard if something happens to it.

Because both types are virtual prepaid type cards, some services (e.g. car rental) will not accept such cards.

(Transfer)wise offers virtuals too, though not prepaid
For a more traditional banking, Estonia's LHV allows (seemingly) unlimited free virtual cards.
Capped to 3 virtuals, though.
It's my understanding that Visa does offer the service to banks, they just haven't implemented it. There is to my knowledge no regulatory red tape, it's just not seen as profitable.

The banks here in Denmark are just less competitive and more entrenched than in the US.

I wouldn't say that banking is particularly competitive in the US when it comes to technological/product features such as this. Out of several of my cards, only one issuer offers virtual/one-time use card numbers themselves.
My Swedish bank (Swedbank) had this service from some time in the 00's up until 2017 when they discontinued it. So they were way ahead of the game but for some reason dropped it.
Was it a flash applet? Moving the tech forwards wasn't something Bank of America could manage to do, so they shut down their version (Shopsafe).
On the web it was a flash applet but they had an iPhone app as well
Why would it be up to Visa/MC to offer the service, and not for the bank, which issues the cards, to implement?
Regulations are indeed the reason that Europe does not have proxy cards, but pretty indirectly:

In the US, debit card interchange is heavily regulated for most issuers (to an extremely low rate of 0.05% plus a flat 0.24$ per transaction, which can be frustrating for microtransactions, but that's a different story).

Some issuers are exempt from this requirement, though – very likely including the one that Privacy/Lithic use. This gives them a very nice arbitrage opportunity which can pay for the product and even return a profit.

In Europe, there is no such exemption, so a proxy card can even theoretically never be profitable (you earn 0.2% but also pay 0.2% per debit transaction, and after network fees, you're in the red).

What would be possible is to offer single-use debit cards that are funded from a bank account via direct debit, which is effectively fee-free (but decidedly not risk-free). Privacy offers that option as well in the US.

But given the direction into which the EU is moving (heavily guided by regulation), which is to effectively mandate 3D Secure for almost all online transactions, it's questionable how much demand for such a product there really will be, going forward.

My understanding was that privacy.com is just a “detached service” implementation of something that many European banks offer natively as a feature of having a credit card (or even just a chequing account) with them; and that privacy.com was only viable as a business because, for some reason, American banks are (or were at the time) totally unwilling to build anything like this, so people were willing to settle for a (strictly worse from a “privacy” perspective) third-party-MITM-proxy card if it meant having this feature.

I’d suggest, rather than looking for a “detached service” that does this, look at what (probably larger) European banks besides your own offer their customers built-in.

My Indian Bank, HDFC offers this since 2008, virtual cards with custom amount, one time use. On creation, the amount equal to limit gets set aside. If merchant charges less than max limit, the excess comes back.

Their at-time debit cards were good only for domestic transactions, but this virtual was good for international, & used to come up as Visa Prepaid. I used it for registering domains & Amazon international shopping.

I know my French bank offers a service like this, it is an extra though.
Credit card shouldn’t need to be shared with all and sundry. The concept is very old fashioned. We wouldn’t share our side project GitHub keys like this!
Quite the opposite: It should, in an ideal world, be perfectly safe to share your credit card number with everyone, because all it should be is arguably an account number.

Payment initiation or confirmation can be an entirely separate layer (such as chip + PIN or 3D Secure).

This is actually the goal of European regulators right now (with some carve-outs for low value and low-risk transactions).

That would also be good.

At the moment you need to provide a complete "private key" to each processor, who up the ante to: CC Number + Expiry + Security Code + Name + Address. They all ask for it, so any of them could leak it, or it could be phished.

The system works because it's mostly reversible. If my card gets leaked and someone tries to use it, I just disable my card in the app, contact the bank, they refund the money and issue a new card. Perhaps sometimes the bank has to eat the loss but it works out perfect for the consumer.
What's absurd is that this is something I have to pay for or find a particular issuer of a Visa/Mastercard. It should be free and included with every Visa and Mastercard. They should demand that every issuer of their cards needs to offer virtual cards and 3D Secure. If they don't then their fees should be significantly higher.
Issuers effectively do need to offer 3D secure, since they are liable for all fraud that happens on 3DS-enabled transactions. It's just their choice on whether they choose to require authentication at all, some, or no transactions.

The US has more of a free market approach here, and experience has shown that the conversion rate hit is often much more severe than the reduction in fraud. Consumers will just use the most convenient card, and that turns out to be the one that just lets them buy (almost) everything without additional challenges.

The EU is taking the approach of forcing all issuers to challenge cardholders for most (higher value/risk) transactions. Given that the rules are the same for everyone, cardholders have nowhere to "escape" to – and issuers finally were forced to invest into making their implementations more usable.

Capital One offers it on certain of their credit cards. Somehow Google Chrome, when you save a Capital One card in it, offers to generate virtual directly from Chrome.
How is that absurd? There is approximately zero consumer demand for stuff like this. Remember when chip cards were deployed 10 years ago and everyone was annoyed at how chip readers forced them to have the card out longer? Or how Amazon often doesn't check CVV numbers because doing so would increase attrition?

Of course a few of the largest banks find it worthwhile to add a page to their website where you can generate virtual card numbers, but it's not a huge win for them by any means even when they're liable for stolen cards.