When it comes to financial privacy, good old fashioned banknotes and privacy
cryptocurrencies like Zcash & Monero get all the attention. But as I
recently wrote for the Sound Money Project, let's not forget about
prepaid debit cards.
Having written a bunch of posts over the last two years about financial
privacy, I recently decided that it was time to step up my own personal
financial privacy game. A few months ago I walked into my local pharmacy and
bought my first non-reloadable prepaid debit card (i.e. gift card), a Vanilla
card.
You've probably seen the rack of prepaid cards near the front of pharmacies
and department stores. Some of them are closed-loop cards. They can
only be used to buy things at the issuer, say Tim Horton's or Starbucks. But
some of them, like my new Vanilla Prepaid card, are open-loop cards. That
means they can be used wherever Visa or MasterCard are accepted. In Canada,
Vanilla cards are sold in denominations from $25 to $250.
The Vanilla card that I bought doesn't have my name on it, nor did I have to
show any ID to buy it. I paid for it in cash. This means that whenever I use
my card, my identity won't be associated with the purchase. My card is backed
by dollars held in a pooled account at Peoples Trust Company, a Canadian
bank. It gives me the right to anonymously route my portion of the pooled
funds along the MasterCard network to a retailer who operates a MasterCard
terminal.
Given that authorities and banks have spend decades constructing a vast
financial surveillance apparatus (the Bank Secrecy Act, FATF, AML, CFT,
suspicious transaction reporting etc), it seems odd that this small window
for accessing the digital payments system anonymously would have remained
intact. To comply with Canadian anti-money laundering requirements,
card-issuing banks require that the prepaid card seller (my pharmacy) collect
the buyer's personal information if the face value of the card exceeds
$1000. For amounts below that, due diligence is waived. The same practice
is followed in the U.S. This regulatory exemption is why I didn't have to
give up my anonymity when I bought my card.
The idea motivating the sub-$1000 exemption is that small amounts of
anonymity can't easily facilitate criminal activity, but larger amounts can.
(Note that I can convert my non-reloadable Vanilla card into reloadable
format—i.e. a card that I'll be able to add money after the first batch is
used up—but I'll have to register and forfeit my information. Only
non-reloadable cards below the $1000 cap are exempt from due diligence.)
I'm not obsessed with privacy. I still use my information-laden credit card
for a big chunk of my day-to-day purchases. But from time-to-time I want to
have the option of shielding my data from outside observers. Cash is good for
that. I already use banknotes and coins to pay for about half of my
face-to-face purchases. This is usually for the sake of convenience, but
sometimes it's because I'd prefer not to give up too many of my personal
details to the retailer (especially small shops I've never been to before).
By adding a non-reloadable prepaid debit card to my wallet, I've gained an
extra degree of protection. Say that I've used up all of the cash in my
wallet, or I need to make a purchase in a place that doesn't accept cash, or
I want to buy something online—well, a prepaid gift card offers me a way to
make a transaction while still protecting my data.
Law abiding citizens who are conscious of their financial privacy are a
pretty small demographic. Sellers of non-reloadable prepaid cards have much
larger markets in mind, specifically: 1) people looking to buy convenient
gifts for friends and family or; 2) the unbanked and underbanked, i.e. those
who don't have bank accounts or have them but don't use them. By allowing people
to buy prepaid cards without identification, those without formal credentials
such as driver's licenses, social insurance numbers, or credit scores can
still make digital payments. Think the homeless, children and teenagers,
immigrants, and refugees.
The post-9/11 brigade of security-at-all-costs zealots would love for
regulators to shut the prepaid anonymity window. They worry that terrorists
and money launderers will abuse prepaid cards. The anonymous prepaid window
has only stayed open because these zealots have been countered by a
collection of banking lobbyists who want to keep doing business with the
unbanked and politicians who care about the disadvantaged.
I'm neither unbanked nor underbanked. I've got several bank accounts that I
often use. Nor am I buying these cards as gifts. So I'm not really the target
market for non-reloadable debit cards. My ability to get anonymous access the
digital payments system is really just a by-product of the wider effort to
make it easy for the unbanked to plug in. This is a precarious position for a
privacy-conscious individual to be. In the U.S., where only ~93% of the
population is banked, the constituency for anonymous prepaid access is
relatively large. But in places where the banked population is approaching
100% (Canada, Finland, Germany, Netherlands, Denmark, Belgium, Sweden, UK),
there is probably diminishing political support for providing anonymous
access to the banking system.
In Europe, for instance, the window for anonymous access to digital payments
seems to be closing. When the EU's 4th Anti-money laundering directive was
passed in 2015, up to €250 in electronic money (the EU's term for prepaid
instruments that reside on a device, say a card or a phone) could be bought
without being asked to give up personal information. With the
passage of the 5th Anti-money laundering directive in 2018, this amount
has been reduced to just €150. And a new ceiling on online purchases of €50
was introduced. As I wrote in my
recent Breakermag article, such a tiny amount of anonymity just isn't
that useful.
One thing I've noticed about prepaid financial anonymity is that it is
expensive. My first Vanilla card had a face value of $25. But I had to pay an
onerous $3.95 to activate it. Buying higher value cards defrays things, but
it still costs $7.50 to activate a card with a face value of $250. That's a
3% levy. Keep in mind that when I use an anonymous prepaid card not only am I
paying the activation fee, I am also forgoing the 2% cash back that my not-so
anonymous credit card would otherwise provide me with.
Think about it this way. Let's say I decide to buy my groceries anonymously
using a prepaid card. My $250 only gets me $242.50 worth of goods ($250 less
the $7.50 activation fee). With my credit card, I can get $255 worth of food
($250 plus $5 cash back). That's an extra $12.50 in spending power if I decide
to go the non-anonymous route. Sure, by using a prepaid card I've prevented
my grocery store from being able to collect information about my eating
habits. But is the $12.50 I've given up worth it? (Incidentally, this
calculation also indicates how costly it is to be unbanked!)
While prepaid anonymity is handicapped by a low ceiling and high fees, the
drawbacks don't stop here. While non-reloadable prepaid debit cards are great
for buyers who want small amounts of privacy, they don't help out retailers
who want privacy. In a recent article, privacy advocate Timothy May made a
great distinction between buyer privacy and seller
privacy:
I like the distinction that Tim May draws
between "buyer anonymity" and "seller anonymity."
As consumers we tend to focus on the former. But anyone who is selling a
controversial product (i.e. birth control information) also needs protection
from tracking https://t.co/2cFguzsn6G pic.twitter.com/6NHf3x46zf
— JP Koning (@jp_koning) October
20, 2018
If someone is selling a controversial product (May uses birth control
information as an example), they must always be wary of snitches who buy from
them only to report the sale to the authorities or post it to social media.
Controversy-wary payments providers will quickly cut the seller off. To
protect themselves, sellers need a payments method that doesn't leave a paper
trail. They also need a payments system from which they can't be censored.
Cash is a good example—it doesn't leave a paper trail and is censorship
resistant. So are privacy-friendly cryptocurrencies. But prepaid cards don't
cut it. The seller can easily be reported to the network and banished.
The last drawback of non-reloadable prepaid debit cards is that they can't be
used to make anonymous person-to-person payments. As far as I know,
there is no technical reason that I shouldn't be able to use my Vanilla debit
card to anonymously send $100 to anyone else with a Visa card, just by
inputting their card number and clicking send on a website. In theory, this
payment should get pushed across the Visa network.
But there are regulatory reasons that I can't do so. In the U.S., the
Financial Crimes Enforcement Network (FinCEN) prohibits anonymous debit cards
from offering person-to-person capabilities, and I believe the same rule
applies in Canada. Cash and privacy-friendly cryptocurrencies do allow
for anonymous person-to-person payments.
In sum, non-reloadable prepaid debit cards allow for a small extension of
one's financial privacy. But in an age where the ability to make payments
without someone snooping is getting increasingly rare, I suppose we have to
take whatever crumbs we can get.