privacy.com burner cards don't work
1I like using privacy.com because I can not trust any of the sites I shop at and it’s fine. Meh complains that the security code is wrong, when there is no security code. What’s going on? 
- 6 comments, 32 replies
- Comment
A quick glance at their site says you should have a number, expiration date, and security code (CCV) generated as your “burner” card.
Some sites require an actual credit card. Privacy.com’s Visa is a debit card. This might be because the liability is different (bank’s money vs yours). Particularly with a subscription or recurring charge, it makes a difference to the merchant, and they might require an actual credit card, not a debit card.
For example, car rental companies.
@mike808 Curious, how does a merchant know the difference between a credit card and a debit card when you give them the number, expiration date, and CVV/CVC code?
I’m almost embarrassed to ask because I worked in the credit card industry for 11 years and was even in the training department where we taught all departments.
Our company never offered debit cards at that time so I’m not sure how you can tell the difference as a merchant.
@cengland0 I work in Credit Cards now… and I haven’t a clue how they can tell, but they can. Perhaps the system just rejects it with an error message? I was booking a car rental a few weeks ago and they wouldn’t take my Paypal Debit card as a source of payment.
@cengland0 Apparently, e.g., https://binlist.net/ can determine this & more from just the 1st 6 digits with reasonable accuracy. I’ve certainly seen, e.g., Amazon do that (try adding debit card sometime & work out how to avoid PIN-less debiting).
@TPS @capguncowboy Thank you for the information. It looks like binlist is using a database of the first 8 digits to make that determination.
When I did work for the CC industry, we used the first 4 digits from a pool to determine the type of card: Regular, Gold, Platinum, Secured Card, etc. The second set of digits we could look at to see if it was a replacement card from the original being lost or stolen. Then, of course, the last 8 digits were part of the unique account number and check digits.
But I thought it was the issuing bank that determined what they would use their account number ranges for so I’m surprised a company like binlist would be able to compile a list of all those issuers and know how to translate those numbers. Most of our employees didn’t know the formula as well as I did so an external company knowing?!?!?
@TPS Hey, @TPS! Got that report?
The merchant doesn’t do it directly. Their acquiring bank/processor does. And yes, the BIN (technically, not exactly, but close enough) determines the routing to the debit network (and ACH clearing) or the credit network (which does the clearing). And then there are the crossovers where a debit transaction is processed as a credit transaction (e.g. a debit card online or out-of-country - ACH networks are country-specific).
I know way too much about this stuff, helping with the crypto securing *-Pay (ApplePay, SamsungPay, AndroidPay, etc.) Loved the work. Cool toys. Priceless.
@mike808 What report?
@mike808 you confused @tps because you forgot to use the new cover sheet.
@TPS
@DaveInSoCal
/giphy cover sheet
Um… isn’t this spam? Trolling for clicks to privacy dot com? @Thumperchick?
@ruouttaurmind “batz joined us 502 days ago” That would be a pretty long con, man. But I guess tHumperchick can figure it out
@therealjrn Fair enough. I searched the forums for batz activity and found only this post, and was suspicious, but unsure. You are absolutely correct, 502 days would have to go into the Spammers Hall of Fame for longest setup.
@ruouttaurmind And he’s got a legitimate question about why Meh is rejecting a payment. I doubt if they were trying to drum up more business, they wouldn’t highlight a problem with their service.
Also has made 4 purchases.
@cengland0 Thanks for standing up for the shy folk, the people of Lurk will remember you kindly.
@onae People of Lurk! Come on out into the sunshine! Get some good vitamin D too! We have doughnuts…
@therealjrn But I don’t like the sunshine, it’s too bright…
how do you know you can trust privacy.com?
Hells Bells, I wouldn’t trust it. Here’s the top level whois, as a public service.
Domain Name: PRIVACY.COM
Registry Domain ID: 304504_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.enom.com
Registrar URL: www.enom.com
Updated Date: 2015-04-19T22:17:30.00Z
Creation Date: 1996-02-03T05:00:00.00Z
Registrar Registration Expiration Date: 2018-02-04T05:00:00.00Z
Registrar: ENOM, INC.
Registrar IANA ID: 48
Reseller: NAMECHEAP.COM
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: WHOISGUARD PROTECTED
Registrant Organization: WHOISGUARD, INC.
Registrant Street: P.O. BOX 0823-03411
Registrant City: PANAMA
Registrant State/Province: PANAMA
Registrant Postal Code: 00000
Registrant Country: PA
Registrant Phone: +507.8365503
Registrant Phone Ext:
Registrant Fax: +51.17057182
Registrant Fax Ext:
Registrant Email: 31A0EA7462274F9A9062B17DA4E4A4B2.PROTECT@WHOISGUARD.COM
Registry Admin ID:
Admin Name: WHOISGUARD PROTECTED
Admin Organization: WHOISGUARD, INC.
Admin Street: P.O. BOX 0823-03411
Admin City: PANAMA
Admin State/Province: PANAMA
Admin Postal Code: 00000
Admin Country: PA
Admin Phone: +507.8365503
Admin Phone Ext:
Admin Fax: +51.17057182
Admin Fax Ext:
Admin Email: 31A0EA7462274F9A9062B17DA4E4A4B2.PROTECT@WHOISGUARD.COM
Registry Tech ID:
Tech Name: WHOISGUARD PROTECTED
Tech Organization: WHOISGUARD, INC.
Tech Street: P.O. BOX 0823-03411
Tech City: PANAMA
Tech State/Province: PANAMA
Tech Postal Code: 00000
Tech Country: PA
Tech Phone: +507.8365503
Tech Phone Ext:
Tech Fax: +51.17057182
Tech Fax Ext:
Tech Email: 31A0EA7462274F9A9062B17DA4E4A4B2.PROTECT@WHOISGUARD.COM
Name Server: NS-1478.AWSDNS-56.ORG
Name Server: NS-1714.AWSDNS-22.CO.UK
Name Server: NS-862.AWSDNS-43.NET
Name Server: NS-91.AWSDNS-11.COM
DNSSEC: unSigned
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.4252982646
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
(Sure hope that doesn’t turn into garbage when I click on post.)
Please note the relevant information in that record. The country is Panama, and they’re using a privacy mechanism to obscure the ownership. Real companies keep their information in the whois fields because they are professionals (and yes, it’s annoying to be on the other end of 99% of the email you get when you do that).
It also looks like the domain is currently living in the Amazon cloud (AWS, for the cognoscenti), using AWS nameservers as well.
@Shrdlu Ha! meh.com is using a “privacy mechanism” too. I always make my info private for my domains.
@medz Okay, but I’ll bet that their domain is not in Panama. Funny, it says the IP is in Microsoft’s Cloud. I think I’d expected it to be living in AWS, as in the days of yore. I suppose that it makes sense, really. I’m not sure that I was thinking of Meh (fond as I am of them) when I said “real companies”. Even though they are indeed real, they’re not staffed in a way that would permit them to deal with the background noise from the internet.
Take a look at Oracle, as an example. There it is, in front of the world…except, it’s an image of the email (I suppose it slows a lot of the scanners down).
x@Shrdlu in point of fact the company in Panama is WhoisGuard, the privacy service they utilize.
http://www.whoisguard.com/contact-us.asp
Privacy.com is owned by Pay With Privacy, Inc. located at WeWork Soho at 154 Grand Street, New York, NY 10013, not an unusual location for a tech startup to work out of, and fitting with their prior address at WeWork NoMad.
@jbartus Yeah, I knew this, really, but wasn’t paying close attention. I plead exhaustion, mostly.
I’ve become confused of late (due to the weather being mixed up), and have been starting my day later and later. The high this time of year should be in the eighties, and it’s struggling to reach 70 or so.
It’s a poor excuse, but it’s all I’ve got.
@Shrdlu
: )
They’re all poor excuses.
And they’re always all we’ve got.
@jbartus
I must say, they choose an excellent, and expensive, neighborhood.
I’m betting on 20-30 espresso places within a mile, or even withing .5 mile - if not far more. And most of them not named “Starbucks”.
@f00l well it’s not like they’re the sole tennant or anything. WeWork is an office space sharing company they rent from. It’s kind of like having an office timeshare.
¯\_(ツ)_/¯
@jbartus
Yeah. I knew they almost certainly didn’t have the whole building. Not until the they’re pretty large and quite rich.
If you are renting so much a closet in that area, it doesn’t come cheap.
If I had to have an office in Manhattan, that’s about where I’d want it to be.
I’m just wondering why @tHumperchick hasn’t responded. Well, not really, I just like saying tHumperchick.
¯\_(ツ)_/¯
@therealjrn
She may be busy responding to rage and contempt issues from customers.
Or she may have accidentally sewn herself into the curtains, and she’s trapped.
Poor @thumperchick.
/giphy so sew
@therealjrn I’m not sure this needs my response. There are no hidden links, no obvious undisclosed bias. It doesn’t look like spam.
On the other hand, the conversation about privacy and whether you can or should trust a 3rd party site to protect your information is interesting and absolutely belongs here.
Also, I may or may not have sewn myself into a curtain… halp?
@Thumperchick
Next time, aim for sewing yourself into a bean bag chair.
You gotta keep pushing your skills of you want to improve.
/image “person bean bag”
@f00l umm…
@Thumperchick
I know. I forgot to come back and look at the image until too late. : (
You should really change that out or delete it. You’d be doing me a favor.
@f00l yikes. I changed it to person bean bag, that seems safer.
@dave
Mich thx. I didn’t know how to ask for the image removal again without drawing attention to it again.
I did contact CS about it but perhaps they are swamped.
If you are sewn into a curtain @Thumperchick it really is curtains for you