You are being downvoted because you completely dismissed something that people worked hard on because it apparently didn't completely solve all credit card fraud instantly.
You also didn't even say which three issues you think Final solves, making discussion about the issue even more difficult.
First off, this company makes a really big claim, "The credit card was broken. We fixed it." Super sweeping, no? Then they say "The next time you hear about a big credit card breach, you can relax." Both of those statements clearly aren't true, IMO, so if I was harsh, it was partly in reaction to their over the top hype. Don't claim you solved the problem of credit card fraud when you really just made a disposable number generator that's already available from two big national banks, and didn't do anything new to address the issue of physical card use and all the associated forms of fraud.
Anyway, in terms of constructively mentioning more specifics, I was thinking it can solve:
-Hacked E-commerce Merchant... [since they get a virtual number]
-Malware on Consumer PC... [since you would not be storing/entering the actual number any more]
Less so, now that I think about it:
-Physical record theft [from] Merchant, government agency... [Kinda - if you pay all government agencies and merchants virtually, you're fine, although those you pay physically are still vulnerable to theft]
(Processor breach is still going to catch your physical purchases, but using virtual numbers online could reduce the attack surface of that particualr vector... So I guess it's two clear solves and two half solves... depending how much online purchasing you do vs physical)
Also, anyone who thinks i'm completely dismissing the company is reading too much into my comment. By "no thanks!" I just mean it doesn't solve any problems for me right now. That's not a dismissal of the company's long term prospects, just because, IMO, the MVP is weak, for me. (As I said in another comment, I happen to bank at a national bank that offers free disposable CC numbers to all customers through standard online banking web login... not everyone has that, so maybe they'll sign up.)
Unless your startup you haven't told anybody about solves all 9 issues, I'll take those 3 all the way to the bank! If they get enough traction with this MVP, they may move onto mailing out monthly physical credit cards which would handle a couple more on that list, but how about letting them learn to walk first?
I guess as a consumer I feel like I already have this option. Bank of America and Citi both offer disposable CC numbers for online purchases. I happen to be at BofA (not a fan of them, but I needed a national bank), and, Googling just now, it looks like I can log on to my online banking and get a disposable number right now, without even signing up for anything.
I was hopeful a "credit card built for the 21st century" would offer something genuinely new. I guess this has push notifications about charges, which is nice. And it can go in a digital wallet, but digital wallets are supposed to refrain from giving out CC #s anyway (or at least Apple Pay does that).
To be clear, I'm not casting judgment on Final's prospects as a business, just pointing out why I as a consumer would not want to go to the trouble of signing up. I do think the mission is a great one and hope they succeed (seriously).
We seriously appreciate the thoughtful feedback. Email me, aaron@getfinal.com, if you want to learn/discuss more about why we made some of the decisions we made day one. It really comes down to resources and a team of 12 working against incumbents with teams of 1200+.
Thanks for being here and your responsiveness in this thread. A small team is actually itself something of a concern for a core life financial product, but the flexibility and responsiveness is a much appreciated strength as well.
Regarding mapgrep's post, I also have one of my accounts with Bank of America, and I have used the virtual card generation feature (in BoA branding it's "SafeShop") constantly for years (and regretted it wasn't more widespread). Nevertheless your implementation looks significant superior, and I think implementation improvements are usually far more significant in the context of a product like a credit card then "genuinely new". BoA's feature is clunky, available only through a tiny (and I mean that literally, it's a 467x300 fixed size window) Flash-based tool with a mediocre UI and poor virtual CC management. It has zero presence on mobile (despite that being the obvious way to use it, particularly combined with Touch ID), no notifications, etc. Despite that the advantages of a fixed limit virtual CC are great enough to make it worth it, but you doing a better job (and one that folks less paranoid then me might be willing to use more often) is a very strong feature for your product in my opinion.
One thing I may have missed on your site that I'd like to see for financial interactions in general: do you cryptographically sign your email communications (or at least allow customers to have that be a preference in their accounts)? I do see you list PGP keys for people to communicate with your security team specifically as is good practice, but I'd love to see more general use of at least signing email, which could dramatically reduce the ability of spammers, phishers and other malevolent actors to spoof legitimate sources. S/MIME at least has widespread native support without anyone needing to do anything else. PGP would probably need to be a selected option as it requires the installation of additional tools, but would be a nice bonus. You could even allow the customer to supply/request you fetch their own PGP key, thus allowing email to be encrypted as well as signed. While PGP support on mobile unfortunately looks to remain poor, since you have your own app for securely communicating in that area it shouldn't be as much of a problem.
Someday hardware mediated scheme's like Apple Pay or Google Wallet or whatever will hopefully make some of this redundant, but I suspect the old CC system will stick around as legacy for a long, long time, and better ways to securely make use of it will remain valuable. Best of luck to you!
It seems like a modest improvement on the way plastic is currently issued. The annual fee and interest rate make this specific card uninteresting for me, but those are largely dependent on the card issuing bank so I would not consider that a ding against the technology per se. I wonder though if the reduction in fraud through this technology, however modest, would benefit the issuer more than the consumer. Banks usually eat the cost of fraud in the interest of lowering friction for consumers, making it up on volume essentially. I wonder if given the benefits of security-improving tech, such a company could convince a more progressive banking partner to subsidize the costs of the card for consumers. That is in the long run, this card should really be cheaper than the alternative, not more expensive.
You only give a new number to merchants where you type in a card number. For all physical card transactions, it looks like you still use a physical card with a fixed card number.
Why are we even taking time to critique startups like this when 9 out of 9 of these problems are already solved with cryptocurrencies that have been around for 10 years? I struggle to see why this is even a product at all?
Unfortunately, if you look at real usage patterns, they are not completely wrong either. At least from the POV of a mainstream non-technical person not visiting obscure meetups but reading newspapers.
I had early access to this but passed on it after I read more about it, specifically:
Annual Fee: $0 intro for the first year, $49 per year thereafter
And
Earn 1% cash back on all purchases
So you have to spend $5000 on this card just to break even and then I'm still only getting 1% back. As someone who has never really had an issues with my CC which averages me 2% back and is free and I can't start to justify this. I use Simple Bank and love the UI (mobile/web) and this UI looks nice but with Simple I didn't have to leave money on the table to switch over to it (or at least not how I use it).
Yeah, I'm not willing to use a card with an annual fee. I already have a card with none, and 1% cash back. I'd consider using a card with less cash back if I liked the services enough, but I'd never pay a fee for a card.
That said, I do really want disposable card numbers; I've missed that service ever since Amex discontinued their version.
The value proposition of Final is pretty low. Fraud on CCs is pretty much inconsequential. If one of your cards if compromised, report it and use another card. "Virtual" cards aren't really a benefit. Vendor-specific cards are already around (Amazon, Bloomingdale's, Costco, etc) and provide benefits in addition to being a targeted card. Vendor-specific cards also help your credit score.
- 18% APR? (interest rates are near 0%; my worst card is 17%)
- 1% cash back (my worst card is 1.5% back, best is 5%)
- $49 annual fee? (None of my cards have annual fees)
Great work on the features and UI for the service, but you need a better banking partner. The product is unremarkable.
Completely agree. To justify any annual fee, in current environment, you need to be not just good but outstandingly good. I have only one card that has annual fee and that one pays 6% back (not everywhere, but where I use it enough to be worth it). There are 2% cards around with no annual fee.
So what I am getting is virtual CC numbers (which is not really new) with package that is rather sub par. I mean, I get the technological end, it's very neat, but when I compare cold hard (plastic :) cash, this card does not look appealing to me.
As for CC breaches and changing numbers, yes, it's annoying, but for me not annoying enough to commit to a card that on relative calculation would cost me couple of hundreds of dollars per year.
The irony is that they "fixed" the credit card but you can't cancel online, just like with any other card. In fact, searching their support, there is literally no instruction on how to cancel. Classic.
interesting how many 'mainstream' companies are acting like the online porn companies did in the late 90s... easy to keep rebilling the customer if you don't provide a way to cancel.
i always look for this before signing up to a financial service. if you aren't easy to reach from every page on your site(or only allow phone calls from 9-3 EST, kind of crap)... i don't trust you with my money, period. I know really good customer service reps are spendy, but hiding from the customer is unacceptable.
Appreciate the sentiment, and agree that being aware of cancelation is important with financial services.
While the phone support number is not published on the marketing site, we make ourselves incredibly easy to reach for all current cardholders, both through the mobile app as well as by phone and email. Support is based onsite here at our HQ office in Oakland, and can be reached between 9am-5pm PST.
what if someone is not a customer or forgot their login? 9-5pst isnt much better then 9-5est, it still means i have to take time out of my normal work day to deal with you on your time. its your business, so run it as your wish of course, but as a customer, these are the things i look at, and scant phone/support availability is a red flag to me.
A lot of funny stories about how that piece of consumer software exists in the world today. About 5 different parties involved, some who are 100% competitors (V vs. MC). 16 or so years ago, MC bought a company called Orbiscom that provides what Citi & BoA use for vCards. Its a layer at the network to provide these mappings and so when BoA issues a Visa card, and you request a virtual card, you're making a call out to a MC service to generate them on a Visa BIN.
None of this even addresses or ties who BoA uses as their core processor for CC, which is now TSYS, and typically have little knowledge a vCard was used.
The good thing for what we're doing at Final is that this goes beyond many credit card numbers, its rethinking what is a piece of plastic in hundreds of millions consumers pockets for how we shop and interact w/ merchants in this day and age.
Bank of America's interface sort of sucks. It takes:
1. logging in
2. clicking on your credit card's account
3. scrolling way down on the right hand side
4. knowing that "ShopSafe" is thing to click on
5. waiting for the little ShopSafe interface to load (it typically takes 10+ seconds)
6. clicking on either "Create a new number" or "Create a new number for recurring payment"
7. entering the security code from the actual physical card (probably a reasonable step)
8. actually filling out the details of the virtual number
That's just to create a number. And if you want to generate a number for something like Netflix or Github (fixed-cost, recurring) and not have to change it every 12 months, too bad -- BofA won't let you generate a recurring payment number that is valid for more than 12 months.
It may have been done before, but that doesn't mean it was done well. I think there's plenty of room for improvement in this area, whether it's done by BofA (who has apparently had 16 years to make something useful), or a new entrant like Final.
Re folks saying it's been done before, it makes me think of the William Gibson quote "The future's already here, it's just not evenly distributed."
Even if it has been done before (I have no idea) -- if something makes a new tech available to many more people, it's effectively new to them.
In terms of using the card, my wife and I have found it useful. It feels empowering to give the card to a service/person and know you remain in control. Yes, all cards let you do chargebacks, or recover from fraudulent charges, but I don't want to have to fight to recover my money.
I love the feeling of using a number and knowing no other charges can come - that number can never be used again.
I signed up 2/28/15. That day there were 40090 people ahead of me Jimmy. Now there are 40091 people ahead of me. So not only has one single person managed to cut in front of me, but the line hasnt moved since prior to February 2015.
That rant/inquiry aside, http://privacy.com/ gave me an account and I have been very happy with it. Seems like a good product.
Bank Of America has been doing this for a while, but the interface is terrible, so I welcome competition in this space. Integration with a password manager (like 1password) would be really convenient!
Other cards might do chargebacks and fraudulent charge recovery, but I look at online services like Playstation Network. If your account is compromised, and you do a chargeback, they will ban your account and you lose access to all your digital content. On top of this, they often will not even provide a refund for content purchased by someone who has compromised your account.
Having the ability to give them a completely different card # with a monthly limit for just them really provides an additional layer of protection without the threat of losing access to goods you legally acquired.
> On top of this, they often will not even provide a refund for content purchased by someone who has compromised your account.
That would be the CC company's job, not? IIRC, at least in US law, if you dispute a charge they can't make you pay for it and they can't also add interest to it. And in practice, no signature dispute is almost always decided for the consumer. That's why merchants are so drastic with compromised accounts - otherwise people would just buy stuff, use it and then claim fraud, and merchants would lose tons of money. They have to create disincentive to cheat.
"disputing a charge" is the chargeback mentioned by OP. Yes, you can dispute the charge, but only if you are willing to risk losing your account entirely.
More likely they would lock your account until you pay up, which is different from the digital equivalent of confiscating all your stuff ie, getting banned.
Your account is charged when purchases happen. So your account would not be locked. You just couldn't make any additional purchases until you updated your account.
Chargebacks are the big problem for companies that operate like this.
> Even if it has been done before (I have no idea)
I had this idea myself, I Googled it and found nothing. Visa has 3D Secure (which is really just a text-delivered OTP), but implementing the standard is completely optional. I've only come across it on a handful of websites.
The quality of the service varies between banks though, I remember my previous bank who forced me to go over a sketchy-looking website and use a Flash applet to generate the card...
AFAIK it's not possible to create a card with a monthly chargeable maximum amount, only to set the total amount for the card's lifetime, which limits the interest of the use for recurring payments.
> Tired of your monthly yoga pants subscription? Or a two-week "free" trial that lasted four months? Just deactivate that card number. It's that easy.
This is a pretty useful feature. But does it run afoul of some mysterious rules that allow recurring charges to continue[1], when you have a tradtional card cancelled and reissued under a new number?
From[2]:
> Thanks to some under-the-radar rules that work out in favor of vendors who charge recurring card fees, most credit card carriers allow a "recurring indicator" to be included in vendor/customer credit card transactions. In layman's terms, that means there are data bytes in your credit card payment DNA that allows companies to bypass credit card expiration dates and keep charging you anyway, even if your card has expired.
> Worse, there are loopholes in credit card regulations that enable vendors to get new credit card information if the old card was closed due to fraud, or even if you switched cards for a better rate. In either case, the recurring charges continue.
You wouldn't expect the lease on your apartment to terminate if you used a credit card for payment and it expired.
Similarly, the lifespan of most other recurring contracts is independent of the lifespan of your credit card. The reality is that most merchants won't chase you for payments when the card expires because it is expensive and generates bad will, but they can.
What I don't understand with Final is how they can guarantee you won't have to make another payment after you cancel a number. They don't control your agreements with third parties.
Edit: though I'm in the UK so my understanding of the law is biased in that direction.
People bring this up on every discussion of virtual card numbers. You should keep in mind that your contract with the vendor is independent of the payment method. Just because you stop paying them, doesn't mean your liability goes away. The vendor could pursue you in court, or could make a black mark on your credit report. Of course, this all depends on the terms of your contract -- if it's with Bally's gym, for example, you can be pretty sure that they will come after you. If it's with some SaaS company, they're more likely to just delete your account.
Unauthorized recurring charges shouldn't hit your real credit card since Final is the credit card issuer in this case, which means they're the ones that ultimately decide if a credit card charge is allowed to go through.
Think of them as a bank that has issued you a new credit card, except they're not actually giving you any credit, just a CC number/PAN.
I'm a merchant of semi-high priced recurring memberships ($100-250/mo) and I wish our payment processor had this feature. We routinely have upwards of $4k a month in failed charges for some combination of {expired, cancelled, deleted from the system without the underlying membership being cancelled}.
Curious, what prevents you from switching to stripe? No idea how $4k/month fits in with your revenue or the opportunity costs in doing so, but $4k/month seems enough to justify spending a week to redo the integration.
Most importantly Stripe is quite a bit more expensive the payment processors I've used in the past. Less importantly but still a show stopper is that all the full-featured pieces of management software for this industry (fitness facilities) are tied to a very small number of payment processors. Some of the large ones have one processor and you literally cannot accept credit cards without using them. They're still cheaper than Stripe so it's not that big of a deal but the UX leaves quite a bit to be desired.
I don't think I need temporary numbers to protect me from fraud. The fraud protection with my current credit card has been working fine so far. Another reason not use this card is that I don't want to miss out on reward points. I don't see how this business model is going to survive.
Rewards are hoops CC card companies make you jump though to get some of your money back. Money you pay when vendors increase their prices to cover CC card fees.
Pedant rant/ That's not quite how pricing works. Firms will generally charge the highest price the market will bear. If the firm is already charging that price, demand decreases if the raise the price. Depending upon the price elasticity of demand, it may be a precipitous drop. The firm is more likely to just have diminished margins.
I don't know what credit card you have experienced this with, but with mine I just indicate that I want cash back in the form of statement credit and it's good to go. There are no hoops to jump through.
This was my thought. I would love to use it, but I am not going to give up my SPG card from American Express. It gives me 1 point per purchase, but by saving those points for first class tickets, I have been netting out at 25 cents per point.
For instance, I just took a first class, round trip flight to Tokyo with my wife. The cost for each one way flight was a bit over $15k. So thats almost $60,000 in flights that I booked for 240k SPG points (transferred to AA with bonus, which then booked with Japan Airlines and Singapore Air). If I had used Final's 1% cashback program, I would have only received $2400.
Seems like a no brainer to skip out on the cooler features to get 25% more value from my purchases.
The security and control benefits of Final go well beyond grocery points and miles, but we understand rewards are important.
So while it might not be the highest cash back rate available, our goal is to provide rewards that actually get used by our cardholders - and that means making it easy to redeem - two clicks easy."
So if you have a decent rewards card, you would be sacrificing quite a bit in rewards with this.
It's not the card built for 21st century, it's just a slightly better 20th century card. 21st is not anymore US-centric, therefore anything in 21st century should be world-wide; focusing on US only shows how you are going to lose bit opportunities.
Setting up a financial operation globally simply isn't a matter of spinning up some AWS instances and hiring a firm to do internationalization of your site.
Of course it is difficult. But claiming that you created the "credit card for the new century" is a pretty bold statement. Especially if you aren't ;-)
On the other hand I understand that saying "We slightly improved a 40-years old tool that is being replaced by totally different ideas and we are releasing it in what 10 years ago was the main market in the world, but today is only a part of the bigger picture and will be even less in the near future" sounds slightly less sexy.
^ This right here. Setting up a financial operation that's compliant and secure in the US is a bear. Adding intl is a great way to kill a thing before it's even alive.
I like privacy.com ... Chrome add-in and you can generate card numbers at anytime for online-only stuff. I've put all my subscriptions (i.e. Netflix, Hulu, etc.) through privacy.com.
I applied/heard about Final long, long time ago and they've done nothing since. So yeah...
I have a hard time with Privacy on more than a few vendors. This is usually because their system doesn't account for the authorization and charge being from two different company names. In NYC, for example, all cabs and related cab apps will charge like this.
This is something we've been working to improve over the past few months. If this happens again can you shoot us a note support@privacy.com with the details?
Prepaid vs Credit is one main one, which drives towards a lot of acceptance issues. Many other pieces two around a holistic credit card product, happy to provide invites to anyone who pings me (info in profile). Disclaimer: CEO @ Final
The biggest distinction I saw without actually using Final was that their card appears to require a relatively good credit score and has an annual fee but also has a 1% cash back rewards program.
I haven't used either service so I can't compare anything else.
Hm, I've been doing this for years. My bank lets me create virtual MasterCard credit cards that can either be one-time use only (they "auto destroy" after one payment is authorized) or can be set to expire after a certain month or a certain amount of money is spent.
They're linked to a physical card and/or bank account that you never disclose, and you get an SMS notification for every transaction.
Not sure if I missed it, but I dont understand this:
The founders of the company couldn't use their cards because of Target breach. And they started Final based on that experience.
How is Final solving this problem for breaches involving in store transactions like that of Target? imo, the Final card would still need to be deactivated right?
If I understood their value proposition correctly, Final has the best UX for virtual card numbers unlike those provided by BoA and Citi, where the UX to generate and use them sucks, and to be used for online transactions.
w.r.t in store transactions, it continues to be the same. (correct me if I'm wrong)
For us, it was about control. We felt powerless when our issuing banks canceled our cards w/o warning. You're correct in that Final uses EMV to solve for in-store fraud just like rest of industry (which reduces by 80-90%). But if I lose my card or on slight chance someone manages to skim at POS that is magstripe, I can just turn that card off, and all other recurring payments and merchants are unaffected, just need a new plastic.
Virtual card numbers are not a new thing. For example, some Citibank cards allow you to create separate virtual numbers for different merchants. However, it looks like Final makes the process much easier.
That flash interface has not changed in 16 years, except that a few years ago they added a requirement to enter the three digit code from the back if card.
So that's pretty impressive that they can still support and maintain code that old.
Just because the user interface or functionality didn't change doesn't imply the internals didn't change to keep it maintained and running though, right?
Virtual cards are just about 20 years old, we're starting there, but already working on a lot more pieces to what it takes to be a truly digital credit card.
Why should end users care about hacked cards? Sure its painful to swap out all your cards but its only inconvenience, no real money lost. Its the issuers that lose money.
So if you are selling a card to the end users, individual cards for each transaction (which others do already) cannot be your first point. Its not convenient at all to go through an app to generate a new number every time. Sure there will be people using it but not sure it sells with the bulk of the users.
Inconvenience and stress. I had my card "stolen" twice, and the bank was kind of a pain to deal with. Mostly their incompetence, rather than a refusal to help, but that didn't help. I don't bank with them any more, but it actually wasn't even over those incidents.
So while I wasn't out any money, I was definitely out my time and had to deal with excess stress, so I do care if it gets stolen in the future.
Am I missing something - I mean it's annoying having to update recurring payments with a new card# but it doesn't happen that often and the issuer has the liability, so what do I care?
This literally just happened to me today, and it was a bit of a pain, but it only took half an hour with last month's statement and a web browser to update all my regular payments.
The one thing I would recommend is having a secondary card with a different provider kept as a backup, just to deal with the couple of days between cancellation and receiving the new card. Even better is if it's a different card type (Visa if you have a MC or whatever) for that once in a blue moon situation when a merchant doesn't accept that card. Finally, if you do this, put some regular, low value monthly payment on the backup card so it doesn't get cancelled for inactivity. Netflix is good.
If there's an annual fee, most customers expect either excellent rewards or top-tier customer service (e.g. amex). Hard to justify $50/yr for neither of these.
All companies start somewhere, and when we look at the rewards games being played it becomes beyond a loss leader (been meaning to write up a blog post explaining issuer side economics on interchange). Deals like this: http://www.bloomberg.com/news/articles/2015-04-17/costco-see... (<0.40% interchange) make it overly painful to compete at top tier rewards today without having perverse consumer incentives, but we have ideas of where loyalty should go and are driving towards that.
As for customer service, we believe you can't tout that as differentiator, you just have to do a great job and your customers will speak for you. Amex did a great job over last 50 years, but is struggling to be relevant in this day and age (http://www.bloomberg.com/features/2015-how-amex-lost-costco/)
We agree there's nothing better than exceptional customer service and experience. We've built Final from the ground up as a new credit card issuer so that we can continue to enhance the technology, service, and experience. We need to make money somehow, and we think an annual fee is the best way to align with our customers.
We've spent 3 years to get to this point. We're now live and actively inviting people from our waitlist to apply for a card.
We talk to our customers often and ask them what they think about us. We will continue building and making it better. Here's what we've heard:
"The few people I’ve showed your service to so far have said “this is what we should have had all along” and I agree."
"Final just solved my XM radio problem. I've been trying to cancel XM for a year. Each month I dispute their charges, Amex credits my money back.. but Amex would never just BAN them from charging me. Generated new final number, added to XM, then froze account. Boom."
"Final is one of the best banking products I've ever used. You guys could have sat back on your haunches and only delivered the cool feature of generating cards, but the well-designed phone app, the card, and your great customer service make every other card I have in my wallet pale in comparison. I reach for the final card to make daily payments not because of rewards points, but because I see the receipt immediately and I'm able to instantly dispute the charge if necessary. I don't know if there's such thing as 'credit card anxiety', but something about that gives me so much peace-of-mind.
Thank you for creating a great product!"
And our favorite:
"You guys fking killed the UX experience. The site is a pleasure to use."
My feedback: The virtual card numbers and the ease of generating them are tempting. But I'm already protected from fraud by my existing Citi DoubleCash (2% cash back, no annual fee). I'm not going to lose 1% cash back and the fee to get a Final card.
Nav bar at the top reorders, or shifts width, or something - so I clicked something else instead 'FAQ' a couple of times; each time I had to wait several seconds while the navigation faded in...
Appreciate the thorough response. I definitely think you guys have a unique value proposition. I still wonder if it's enough to justify switching costs for a large enough # of customers (e.g. re-setup bill pays, stored cards on accts, etc) for one truly differentiating feature, but wish you guys best of luck with your launch!
What type of support do you offer for your card members? Is it email only? When I clicked on "contact us" on your site there was no phone number not even an 800 number.
Both email and phone, but for full transparency we actually prefer email since it keeps a full log of conversations with consumers for both parties to have. Our card has a number on the back of it and a few other in-app spots have our number on it.
Thanks this is good to know. I think many people prefer the immediacy of phone support when they are having a payment issue. I looked through your FAQ and didn't see any mention of support which is why I asked. Congrats on the launch!
It doesn't. It's one account that has essentially has multiple account numbers. It's the activity of the underlying account that matters, not which account number you as an end user use to access the account.
One account, one statement - but you have many numbers at your disposal. The virtual cards don't impact your credit score any differently than a traditional card product offered by any major issuer.
I have stopped using any of my cards that don't work with Apple Pay. Apple Pay solves the problem of a static card number being stored god knows where for how long in who knows what flat file or databases. One time card numbers ftw.
We do it from the core infrastructure we run ourselves. Built the full stack to have flexibility and innovate in industry where 90+% of CC transactions still run on mainframes & COBOL
Fair point, problem is that theres no short answer here. We partners with a bank to get our own BIN (https://en.wikipedia.org/wiki/Payment_card_number), that when loaded onto the networks, gets routed to our core infrastructure. There are many ways to segment this BIN, randomly, PRIN(?), few other industry standards, and so when you want to issue a new consumer a new card # you use whatever your algorithm is, and assign it to that customers account (or whatever exactly your data model is).
So its 2/3rds BD to get setup, 1/3 enterprise engineering and a lot of integration work to get fully setup and running. Payments is the only trillion dollar industry where nothing is written down, we're working on changing that since we find a lot of the stories fascinating and so do most people we retell them to.
If anyone is in Oakland area and wants a primer, always happy to share, we spent 3 years learning industry and now its our time to start giving back.
My largest complaint is every time some company's crap security gives up my credit card and PII data, the card companies protect the stupid in not telling me who it was. I find this abhorrent, as if I knew, I'd simply never deal with them again.
The concept of Final is pretty awesome, as in theory this now allows me to identify who they were when I have to change out a particular number for a vendor. I then know they were a crap company, and likely would just never use them again. Finally.
I use BofA as the convenience at least here in Phoenix is great, but their disposable card numbers is no good for repeat transactions, which I do frequently. It is also highly inconvenient that it only exists for Credit Cards, and not my Debit that I use just as frequently. Final's solution fixes this (except my debit card) imho, definite perks I wish BofA had today.
With any luck, the banks will see what they are doing and at least copy them now that someone has shown them the methodology. This should be an industry standard solution in lieu of major PII breaches every 3 months these days.
I have been using something like this for years (a French service from my banking group called Virtualis). I have no idea why it's not more frequent.
The main thing to be careful about is not to use this to pay for things where you will be required to provide physical proof of card ownership later. For instance, some French railroad tickets can be withdrawn from machines where you must insert the card that has been used to purchase them.
Pretty cool. I've always wondered why the credit card industry never did something like this. Can you view the full number you used for a company? Like I know at least 2 businesses off the top of my head that asks for full credit card numbers for support, and then another one only wants the last four.
Which I really feel that's insecure to even ask for the full number other than when you first order.
Working on native Android full steam now, but yep started with iPhone for now. Web is full responsive and have a ton of Android users using it and happy w/ experience. But point taken.
Does anyone know if this company has any relation to Coin (recently sold to Fitbit)? I ask because they use literally the same actor in their video (and the style is identical to boot) [0].
Did a quick google search to see if maybe they had the same co-founders but no dice.
EDIT: Apparently the actor runs a production company that makes commercials for start ups and he stars in many of them[1]. It is actually quite surreal.
SV has made many such videos for popular startups. Whats unique about it is that the production company also takes some equity in exchange of reduced production costs, there by sharing the risk/reward of the startup client.
This wouldn't work in the UK because you can almost never pay a "subscription" with a credit card - it would usually be a direct debit, or they might accept a debit card.
So I was going to comment along the lines of "surely it's actually a debit card, and I'm not sure I trust a company with such inaccurate copy with my money" - but comments here seem to suggest it's correct.
Anything can be put on a CC in the USA then? Do you also have DD? Why would you use DD if you can use your CC for such things?
The Wikipedia section on DD in the UK is very much longer than that for the USA. Funny, I never doubted that it was universal.
Why would you use a debit card, which directly takes money out of your banking account, when you can use a credit card which increases a number owed against you? The former can cause lots of money in overdrawn bank accounts, while the latter will only cause the transaction to be declined. Also debit causes you to have to pay the fee, while credit forces that on the merchant.
Almost everything in the US is done with a credit card (through VISA et al networks). Most people's debit cards go through the same networks. If by DD you mean direct debit through the banks, that's called ACH here and is pretty awful with respect to fraud since you have to give your bank account number, and transactions take several days to go through.
Debit cards don't work like that in the UK --- they have similar levels of protection to credit cards (although this varies a bit from vendor to vendor). Credit card fees are not forced to the merchant and frequently you have to pay them yourself, and they're considerably more than the fee for a debit card. You can't become overdrawn using one (subject to propagation delays, of course).
Direct Debit is very common, and is covered under legal guarantees --- companies using it must stand indemnity. There's frequently a discount for paying by direct debit.
Also, I'm not clear on why is giving your bank account number a problem with regard to fraud? At least here, you can't use it to do anything other than make deposits (and you still need a sort code number for that as well).
And while he was inconvenienced by this, he was entitled to an immediate refund (which he opted not to claim given the relatively small amount involved and the beneficiary being a charity)
Wait, what? It's the exact opposite of what you described! If you don't have money in your account, a debit card will just get declined. No fee to pay, no penalty, nothing - transaction just gets declined and that's it. Debit cards are also free to use in most places, while using a Credit Card has a 2-4% extra fee. Debit cards are free to issue, while Credit Cards usually have a yearly fee.
Is it just completely the other way around in the US?
Which bank are you with? Most UK banks will gladly allow transactions on debit cards to go through, resulting in your account being hit with overdraft fees, the size of which vary depending on whether the overdraft was pre-agreed, exceeded, or entirely unarranged.
Unfortunately, the prevailing attitude in most UK banks that I've seen is one to look to profit from transactions rather than protect their clients. Unarranged overdrafts are fantastic money makers in that regard.
But parent commenter's point was that if you do this with a credit card you could be completely unable to pay - if, for example, you have a single bank account with:
(balance + overdraft) < minimum payment for credit card
This can't happen with a debit card, since it will decline the payment, in the same way it would if you tried to use it to pay off a credit card bill of the same amount per above.
I'm with Barclays, and I don't have any overdraft. The only way I can go into an unarranged overdraft is if I run out of funds in between the transaction being approved and actually clearing - if I don't have enough funds at the moment when I use the card, the card just gets declined.
After US banks were hit with restrictions on unwanted overdrafts, I believe they started charging fees to reject transactions due to insufficient funds too.
If you have $1020 in your bank account, and have a $1000 rent check about to clear, and your card gets stolen and $100 is charged to your debit card, then your mortgage payment is going to get declined even though you knew you had enough money in your bank account.
> Also debit causes you to have to pay the fee, while credit forces that on the merchant.
Usually in Europe it's the contrary; there is no separate fee for using a debit card, whereas the credit card fees are inflated and passed-on to the customer.
For example FlyBE, a UK airline charges, 3% of the transaction total for credit card but zero for debit. Ryanair and Easyjet charge 2% for credit cards.
Even worse, British Airways charges a fixed-fee per passenger.
> This wouldn't work in the UK because you can almost never pay a "subscription" with a credit card - it would usually be a direct debit, or they might accept a debit card.
This isn't quite true. A lot of American companies in the UK (e.g. Netflix) now use recurring card payments rather than Direct Debits. I think Final would still be useful here.
Does anyone know of anything like Final in the UK?
I think my dream scenario here is some big bank or other large financial company (like Fidelity) buying this for the technology and combining with their credit card line.
Not that I wish or think the founders can't make on their own, but CC market is rather commoditized, and I don't think they can compete on technology alone here. 1% + 49/year annual fee is not a superior offer. But a bank that can do 2%+no annual fee attached to it could do wonders with it I think. No financial pro, so maybe I am completely wrong :) but I'd switch to such offer right now.
It seems like they're rolling out the equivalent of Application Specific Passwords that Google has for sites that don't work with TFA.
How much info are you displaying on the various merchants that are billing via the individual card numbers? My credit card bill tends to have a transaction identifier, the name of the merchant & a reference number (along with transaction date & post date). Would be great to have merchant's address and additional information on it and flag if it's recurrent.
I've gotten early access and have been trying it out. So far it's been incredibly easy to use (one time cards is awesome for ordering food or trying out new merchants/startups) and I enjoy the notifications. I just received the plastic card so it may end up being my primary card replacing a Chase Freedom card I have had forever (also 1% cashback). As for the comments about annual fees, if this becomes your primary card I think it will more than pay for itself over a year.
> We are PCI-DSS v3.1 compliant and apply PCI standards when dealing any cardholder information
I don't think this was some kind of wordplay attempt around dealing a deck of cards. Hopefully they're just "dealing with" the information instead. Typos in statements proclaiming how safe and secure they are...
The concept seems fine, I think some of this is already possible with other card issuers. I doubt I would pay a $49 annual fee for the service when there are free cards available.
Yes, I immediately thought of Citi's Virtual Account Numbers.
Citi also offers a card with no annual fee and 2% cash back, so if you use Final you're effectively paying $49 plus 1% of your spending each year for a trivial increase in piece of mind that you didn't need to begin with (because you're not liable for fraud).
Will have team take a look tomorrow and adjust it to the intent is clearer, this reads weirdly. Honestly, don't think the wordplay was intentional, we just went through our second PCI level 1 audit & take cardholder security & privacy very seriously.
have been using this for a couple months and absolutely the love the experience
aside from the obvious security benefit, the UX makes me never want to use another credit card. being able to see all of my merchant relationships in one place makes it easy to keep track of payments, paying my balance is effortless, the push notifications are seamless.
when final says they're making a credit card for the 21st century, one part of that is security, but a huge part of it is UX + customer support, too.
Having to pay a annual fee, a credit check and get an invite to use it? Might as well just use my AMEX or my debit card. My bank is more crazy over transactions than anything.
Walk into a Wal-Mart, as soon as I put the card in my phone rings (it's my bank) and card is denied.
AMEX likes to text and email me of things needing my confirmation.
If all else Privacy.com does the job just fine of generating new cards, burners, and etc.
This was probably the first one of these you saw, because their original concept website came out I believe 2 years ago. They haven't launched (still) although a few others have. They've now added some things and it looks interesting, but has been a long time coming.
The next time you hear about a big credit card breach, you can relax."
I don't actually agree with either of these statements. I think what is broken are practices of credit reporting agencies, theres really only the "Big 3" in the US = Transunion, Equifax and Experian." They are in control of your credit profile and not you the consumer/citizen/person. They are constantly selling your data. When you get a credit card offer in the mail it is because a third party bought a risk profile from one of these big three credit reporting agencies.
Their security practices and policies are also questionable. A recent example - last year Experian was breached and millions of customers data was stolen. Experian informed people weeks later via snail mail. Apparently they didn't think this was time-sensitive issue. They offered two years of free credit monitoring after which time they would start billing you for the service - talk about an inappropriate marketing opportunity.
This is so horribly broken on so many levels. You can not opt out of these agencies owning your credit profile.
Also I have had fraudulent activity on my credit card accounts before with two major credit cards and both times they have proactively informed me that there was suspicious activity and to contact them. I contacted them and they issued a new card and told me to not worry about the charges. This was the last I heard of it. Yes you need to go update your credit card number with people online but in my case only half a dozen places would have that and generally merchant will email you if there is a problem with the card such as you forgot to update them with the new one.
I am curious if anyone has tried this new card though, it looks interesting.
Thanks will look into it. Some old janky JS we have from what is still our original marketing site at its core. This codebase is separate from all actual customer data/sensitive things, so it could use some JS best practice cleanup clearly (even though this might be a responsive CSS thing)
As another commenter has posted - bofa & citi also let customers generate 'virtual' cc numbers. So Final is only useful for customers of other banks, or is there any advantage for bofa/citi customers as well?
I too will pass. My old MBNA now BofA that generates virtual credit cards numbers without a fee. CitiBank also has cards with this feature. There's no compelling feature that would make me pay $49/yr as annual fee.
People in this thread are just obscuring the details of this announcement, which is that this is wonderful and that I will be looking to acquire one of these cards.
In all honesty, the juice isn't worth the squeeze. When you put a battery into that form factor battery life is a big issue and keeping in sync with your phone really harms it. Add recharging and you have other tradeoffs, so EMV gets us 95%+ of the way there and we're happy not having to solve really hard esoteric challenges related to things like the Bluetooth stack for BLE use.
It matters b/c if some unseen event(they do happen) or emergecy happens and you can't make the payment, you are paying almost 20 cents on the dollar in interest. So yes if you use credit for convenience and pay your balance in full every month it doesn't matter much but like I mentioned if you have some serious event that happens which results in your not being able to pay, yo you would be better off with a card at 12% APR.
"Doing it wrong" does't really account for unseen or unplanned events in ones life.
I am Spanish and I got lost in translation, from the rest of the comments and a quick search this is when borrowing money; I thought it was a different kind of fee (:
Edit: I misunderstood it since "Annual Percentage Rate" seems like just a group of English words together when it actually has a special meaning in economy
It's the interest rate you pay if you do not pay off your credit card in full every month, but you should always pay off your credit card in full every month, so it doesn't actually matter.
for credit cards? well within normal, although most cards have more than one APR. For instance, AmEx Blue Cash Everyday currently says 13.24% to 23.24%, depending on your creditworthiness when you apply.
18% usary is somewhat normal'ish in the US. It is a lot sure compares to not paying any at all. But there are also plenty of cards that are 24% or 30%. Often times the APR starts with a "teaser" rate of 12% and then it resets to a higher rate triggered by a late payment or sometimes just that the teaser rate expires after year.
Please don't comment like this here. Especially in response to new work, which is always a fragile thing regardless of how valuable it turns out to be in the end, comments here must be civil and substantive. Yours was neither.
Let me rephrase then - how can something that is "built for the 21st century" be treated seriously, if the one of the main ways to interact with it seems to be mobile, and the mobile support does not include the biggest mobile ecosystem on the planet? It's not "built for the 21st century" - it's "built for iOS users".
Old stat, but in 2012 Apple made 75% of the profit in the mobile market, with 9% of the share of sales.
It is the mobile ecosystem with the most affluent customers and the most cachet. This is a luxury product for luxury people; why would they not build for that ecosystem first, and then work downwards?
They probably have limited resources like many startups, and have to prioritize. Like how the stock trading app Robinhood was Android only at first, then they went to iOS. No web version yet as far as I know.
Ideally I think if your building a product, you should have Web version, native iOS and Android versions as that would cover pretty much all of the market in the long run. But maybe it's best to focus on just one version, get it right and then make it for other platforms
-Hacked main street merchant, restaurant...
-Processor breach...
-Hacked point-of-sale service company/vendor...
-Hacked E-commerce Merchant...
-ATM or Gas Pump Skimmer...
-Crooked employee...(Most frequently committed by restaurant workers)...
-Lost/Stolen card...
-Malware on Consumer PC...
-Physical record theft [from] Merchant, government agency...
https://krebsonsecurity.com/2015/01/how-was-your-credit-card...
So of Krebs' top nine sources of leaks, Final addresses at most three. No thanks!
UPDATE: Re the downvotes, Maybe someone should tag posts about YC companies so we know when it's unacceptable to engage our critical faculties.