Data Breach Defense: Payment Masking

In the Christian Bible, Jesus said, "Where your treasure is, there your heart will be also." Put another way, "show me your bank statement and I'll tell you what matters most to you." Your bank and/or card issuers are selling your transaction data to data broker companies, who use this information to figure out things like your income, net worth, and what you're likely to buy. They can correlate this data with marketing campaigns to figure out how to better sell you things. They can also correlate things like where you live based on the geographic areas you spend money. And of course, I need not tell you that credit card information on the internet is highly vulnerable to being stolen in a data breach. Protecting your transactions is a critical part of protecting both your privacy and security. Fortunately, this is quite easy to do.


Step one is to use cash whenever possible. The advantages of cash are numerous. For one, cash has been proven to help people spend less, so it'll save you money. Another is that it keeps you from ovespending by removing the possibility. One common fear is that by carrying cash you make yourself a target for mugging. Frankly, this is ridiculous. Criminals don't have x-ray vision. They don't know if you're carrying credit cards, cash, or how much.

My strategy is to figure out how much cash I'm likely to need during any given pay period - gas, groceries, entertainment, etc - and withdraw that amount at my local ATM. Of course I am giving away a general location of where I live by doing that, but all my other transactions remain private. How much I drink can't be used against me in health insurance quotes in the future, nor can how much I drive be determined based on my gas purchases, or any other number of invasive facts about my private life. Additionally, I never have to worry about my card being skimmed at a machine.

Online Payments

Of course, cash can't be used everywhere, primarily online. In those situations, you have a variety of options. If you live in the United States, I recommend The service is free, they make their money from transaction fees from the vendor at no cost to you (just like a normal credit card would), as well as a premium tier of services and features. The service links to your bank account and allows you to create digital debit cards that can be limited by total, month, per-transaction, or one time use (or unlimited, if you so choose). The cards link to the vendor they're used at, so for example if you use a card on Amazon and Amazon suffers a data breach, the card can't be used anywhere else. It's essentially useless to the hacker. Likewise, since each vendor will require a unique card, a stolen card number doesn't require you to cancel your card, get a new one, and painstakingly update every service you use. Just cancel the one and update it with almost no disruption to your daily life. For European readers, Michael Bazzel mentions Revolut, although this service does seem to come with a flat monthly fee.

Some people may not be comfortable giving their bank information to a third party, or may live in a country where doesn't operate. In those situations, I would recommend using pre-paid gift cards or Visa vanilla gift cards, paid for in cash. You also have a variety of pre-paid digital options. Among the ones I would recommend are MySudo, Abine Blur, and for European readers Kevin Mitnick suggests ViaBuy. Note that none of theses situations, including, is actually totally private the way cash is. Somewhere along the line a trail has been created that, with enough effort, can be traced back to you, so don't use this as an excuse to do anything illegal. This is purely to throw off automated tracking systems and protect your card number from being stolen in a data breach.

Bitcoin & Cryptocurrencies

A few years ago, Bitcoin exploded in popularity and came to the attention of the mainstream. Contrary to mainstream media portrayals, Bitcoin is not 100% private or anonymous by it's design either. It takes a lot of work and effort to set up an anonymous Bitcoin wallet and to use it in a way that maintains that anonymity. Generally speaking, I think cryptocurrencies are fun, and I'm very much of a fan of the idea of decenatralized, government-free currencies. I also think it's a good idea to diversify your money. However, I would caution one against getting too interested in Bitcoin. At this time, it's a hobby and an ideology more than a practical thing. I wouldn't put too much money into it for a variety of reasons.

Previous Next