Hi -- I'm the head of legal and compliance for Privacy.com. Unfortunately this is a bank partner requirement, otherwise we wouldn't ask.

We do take customer privacy and security very seriously, and have worked hard to have similar data security safeguards as larger companies like Square and Stripe (both places I've worked, so I would know!). You can read more about some of our security practices here. https://privacy.com/security

Any chance Privacy could accept ITINs as well?

I've tried putting mine in, but it says (rightly) that it's an invalid SSN.

wait... what if I don't have an SSN? (not a citizen, have a us bank account)

US law requires your bank to collect and verify your identity and crosscheck against a series of loste. It is part of the Patriot Act post 9/11. Unfortunately for most banks this means that they require an SSN. Technically an ID or ITIN should suffice.

I have a US bank account that I opened only using my passport and a US home address I live in. and I have a Privacy account. I don't have an SSN. Does that mean I'm locked out of Privacy come 2022?

There's obviously no requirement that you must be US citizen. The requirements are known as KYC -- know your customer -- and simply require a certain amount of due diligence. It means you've verified that the customer is who they say they are, and that the account is in their benefit and not someone else's. It's part of the wider AML framework -- anti-money laundering.

It sounds like Privacy is falling into KYC territory and is not able to farm it off to the host banks. But then any limitations around requiring SSN are due to their implementation, and not to the KYC requirements.

Right, this is crazy. I'm a US citizen but don't have an SSN and couldn't get one last time I tried.

Somehow I’ve assumed every US citizen has an SSN. Are there obstacles you encounter from not having an SSN? What is the process for opening bank accounts or applying for loans?

Did you not apply for one? You’re eligible as a citizen or eligible resident. I have so many questions about this edge case.

Every citizen is supposed to be given an SSN.

Parents can opt out of having an SSN issued for a child at birth in the US.

Sure, but why would they? I can’t think of a good reason.

Regardless all citizens are eligible and should be given an SSN if they apply.

Parents do all kinds of things with the intention of protecting their children. Not all of it is well-informed.

You don't need an SSN before a certain age, so this isn't weird.

Sure it's weird. It's easy enough to do when the child is born, why wait?

My daughter had her SSN used when she was around 10, and I can't recall her ever needing her SSN as it's no longer required for things like medical insurance, etc.

fwiw you don't need to be a citizen to have an SSN, you just need to be legally resident.

I don't know if it's something you have to apply for, I was 20 when I moved to the US so my parent handled all the paperwork. Just wanted to float that SSN != citizenship.

> I get that Privacy is obligated to gather certain financial information for regulatory purposes and fraud prevention, but it feels like I'm widening my attack surface providing that info.

This feels like a "you always become what you once hated" situation. Privacy.com was supposed to keep our private data private. With this change there is no way to use Privacy.com without providing even more private data.

This really should have been a choice for users. Do you want privacy or better compatibility? Considering Privacy.com's userbase and their freaking name, I would guess many users would choose privacy over that extra functionality.

The name "privacy.com", while impressive as a domain name has always kind of confused me. As far as I'm concerned it's a service that protects against credit card theft, privacy unchanged.

With modern fraud prevention and financial regulation, we simply cannot expect actual privacy with payments or really any finance.

When I use a regular credit card to buy something, do Google/Facebook/etc end up being able to link the purchase to my identity to market to me etc? I figured that was the privacy part.

I agree that as a potential customer my main interest is about credit card theft/abuse.

(This does make me wonder if they are mis-marketting focusing on privacy, instead of controlling damange of credit card theft, and sketchy merchants who charge you reoccurring charges you didn't realize/have trouble canceling, etc. That's my interest).

I guess the non-secret parts of the card number can totally be cross referenced with others merchants you've shown the card, but an online purchase very often also has a name and address so your identity is already out the window.

Also fraud detection systems will often track the type of purchases associated with a particular card number, to detect anomalies. So I suppose your privacy is somewhat protected from that, but the e-commerce sites probably already know who you are.

Part of the "privacy" part is the fact that privacy transactions accept any billing address.