this post was submitted on 15 Jul 2024
40 points (97.6% liked)
Privacy
31991 readers
488 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Most online places are now aware of Revolut's disposable CC numbers and reject them. They haven't worked for at least a year now. They're basically useless.
Edit: I should clarify: all CC payments nowadays use tokenization. The website doesn't get the CC details, they get a token issued by your bank. The token can be one-time use, or recurrent. Naturally, for one-time cards Revolut issues one-time tokens. The problem is that many websites have caught up to it and require indefinitely-valid, recurrent tokens for any payment. I don't think this is something that Revolut can solve on their side.
What a bummer, I used the disposable CCs with revolution a decade ago and was thinking of going back to it...no point if they're not usable anymore.though.
What I use for such sites is a frozen card which I only unfreeze after setting a limit for my exact purchase amount. Pay, freeze again for the next time.
My bank will assign cards to specific accounts and only draw payments with that card from that account. And they let you make multiple cards and multiple accounts, naturally.
So for me the easy solution is to simply not keep money in that account (because it's a debit account and will simply refuse payments when there's no money).
The other simple solution is the fact that the bank also lists the tokens currently associated with each card, and lets you remove them. Once the token is gone the website has to ask for explicit permission again.
For those not familiar, nowadays websites can no longer store actual CC details (it's a huge compliance violation) and in fact they never even get to see the CC details anymore. You enter the CC details on the processor's page (which is a separate entity), they send them to your bank, the bank verifies them, asks for a 2FA confirmation from you, and if everything checks out they issue a token to the website.
The token can be good for a one time payment, or for recurring payments. If it's a recurring token my bank will list it next to the card involved and let me revoke it. The website can use the token for as long as it's still listed – if I delete it they have to ask for a new one.
I suspect that this is the main shortcoming of Revolut's one-time cards, they issue one-time tokens (naturally) and it's easy for the website to see that it's not a recurring one.
Edit: I should also mention that in the EU this token mechanism is NOT used for utilities. For utilities (and for other EU recurring payments) there's a similar but explicitly separate mechanism called SEPA. It's similar in the sense you can set up the payments and you see them listed next to your account, you can revoke them at any time, they also use a tokenization system, but they draw directly from an account, there's no CC involved and no CC processors, it's a system that works directly between EU banks.
While the disposable cards might not always work, you can always create a regular virtual card and delete/freeze it afterwards. Not sure if there are any limits tho
You can also delete the payment token that was issued to that website.
My bank lists the currently valid recurrent tokens explicitly next to each card, and lets me revoke them individually (but I can also re-add a card to the merchant if I want to).
In the Revolut app it's a bit wierder, you have to go to a card, tap on a past payment, and then you get a "block future payments" button that prevents that merchant from ever using that card, but there's also a "subscription payment" toggle that only revokes the recurrent token for that particular payment.
The "block future payments" feature is severely limited on the free Revolut accounts, you can only do 3 blocks per month and can only have 5 total overall active. So you probably want to turn off the subscription toggle instead.