Is it better to use Paypal or link the credit card directly for payments?

I know it’s not ideal, but I don’t live in a country with access to payment masking services, and as far as I can tell, there’s no way to get prepaid cards here without giving up an ID.

Short of trying to circumvent KYC laws with those prepaid cards (which I’d really rather not do), it seems the only choice I have is to choose between giving a service my card info directly or try and use Paypal as an in-between.

Is one of these better than the other? Is there a meaningful difference between the two?

Personally I use straight Credit Card because I have the same issue as you (or at least my imagination and creativity in problem solving fails me as well).

No need to involve paypal. I think theyre a worse offender for privacy.

I’d like to add that one good thing of using PayPal would be that you avoid giving out your card details to every site you purchase from, so there’s less risk of your card details ending up exposed because of data breaches.

For that, some financial entities provide single-use card details, so you could use that.

I feel like the same transaction detail will be sold to the same data brokwrs eventually.

The prepaids aren’t accepted everywhere afaik but this sounds like a good compromise if it will be accepted as payment.
Not having to deal with paypal, keeps your real credit card off a website.

I would be very surprised if paypal info is easily findable in the public data dumps tbh.

but that’s just me bring optimistic.

PayPal as opposed to… what? I’m not sure what you’re comparing PayPal to here, but when you “link the credit card directly” it still ends up being registered with a payment processor, be it PayPal or some other company. It’s typically not registered with the company that runs the website that you want to make a purchase on.

What do you mean by payment masking services? Something like Blur/IronVest where you can get a virtual card number? Can you get Revolut? You can get the same service with Revolut, if you are not a resident of USA and you can’t get a Blur account or a Privacy.com account. Otherwise, a prepaid card might work. Why is that problematic? If prepaid cards are legal in the country, I don’t see why it would be seen as rounding the KYC law. I think you worry too much.

Are you saying you give your card details to PayPal and then PayPal follows you around, and whenever you need to make a payment and the site allows payment with PayPal, you can make a quick payment since you’re already logged in on PayPal at that site?

Like Klarna Checkout? I absolutely hate Klarna because of this. I think they are aiming to become the new PayPal at very least, or even replace Visa and MasterCard. It’s so frustrating to find something I like on a website, and I want to buy it, and when I go to checkout I find that they are using Klarna Checkout. Which typically means that Klarna has taken over their whole cash register. Then they ask for things that are none of their concern, like what my phone number is, and where I live, and I can’t skip those questions to place my order. It’s not the company I’m buying from that I’m sharing this info with, it’s with Klarna. I would assume that PayPal works the same way.

I have stopped buying from these stores. Klarna can be implemented differently, so that the customer still has the option to select a different card payment processor at checkout. Preferably one that doesn’t ask you a bunch of stupid questions just to annoy you, and to collect your shopping habits. But stores that go all in on Klarna Checkout, they get a better price from Klarna.

I have a PayPal account, but I rarely use it. I typically use PayPal as a payment processor when I have to. So I don’t log in to my PayPal account or use PayPal credit to make a payment.

This is the proper way to do it. I use a single use card from Revolut for this, which automatically generates new card details each time I make a purchase with it.

This is true. I learned this by using a virtual card from Revolut to add it to a service subscription on Vultr. It was not a single use card. It was a proper card for multiple uses, but it was a virtual card, and that made it recognized by Vultr’s payment processor (which they refused to disclose the name of) as a prepaid card. It had to be validated to remove the suspicion. I think I did that by adding an amount to my account balance on Vultr, and then making a payment. After that, all subsequent payments have been withdrawn automatically from that card, so it works. But it was not friction free.

Yes, that’s sort of what I meant. You’d be giving PayPal your shopping habits instead of your bank. But in terms of security, only PayPal knows your card number, so there are less chances of your card number ending up leaked, as it will only be leaked if PayPal suffers a data breach. Using your card details to purchase on each seller on the other hand means that if any of those sellers suffers a data breach, your card number will be leaked.

And also I’d guess that PayPal has better security measures in place to avoid data breaches, compared to small online shops that might be using an outdated wordpress version with many no longer maintained plugins. And their employees are probably more vulnerable to spear phishing and have more access to data that can be exploited by the attackers.

So not only you are exposing yourself to a wider attack surface, but also probably most of those sellers are more likely to end up with data breaches.

Swappa gives buyers the option to use Paypal without an account:

Buyers can check out as a PayPal guest using a credit or debit card by clicking the PayPal button and then clicking Pay with Debit or Credit card

Based on my experiences of shopping on Swappa, it’s up to the seller to enable this option. I’m not sure if this is a common option on other online marketplaces/storefronts though.

Revolut is only available to select countries.

The comment regarding Paypal “as opposed to what” is valid, but I was hoping people would respond with what they did in general.

The KYC laws applied to the prepaid cards. To get prepaid cards in my country, I have to give up an ID, tying my real name to the card.

I was hoping I could avoid doing this or at least shift the trust to another party because the state of the IT sector in my country does not lend me much confidence.

Since you mention this, one possible option you could consider is using Apple Pay if you already own an Apple device.

Having set up and used Apple Pay recently, there are some caveats that may be a dealbreaker for you:

• This is a non-option for those who don’t own an Apple device, and I do not recommend purchasing one just to use Apple Pay.
• I have not attempted to use Apple Pay without an Apple ID, but if you do have an Apple device, then the following caveats about Apple ID might also apply: Why exactly are iPhones a nightmare for privacy enthusiasts? - #2 by anon30510143
• To add a card to Apple Pay, you are asked for the information on your card (i.e., name, expiration, CVV). When making your first purchase using Apple Pay, you are asked for the information that would be asked of you whenever you make an online purchase (i.e., name, billing address). You are, as you mentioned, shifting trust to Apple instead of the merchant(s).
• Apple Pay is not accepted everywhere (e.g., Amazon).

If the choice is between giving my shopping habits to PayPal and my bank, then it’s not much of a choice at all. Also, I would assume that PayPal is in fact a bank! If you like the color blue, then let PayPal be your bank. I have not looked into it, but I believe it is registered as a bank in some countries in Europe.

Also, there is more than one PayPal. I already mentioned Klarna which is increasingly more common in Europe, and they have expanded to USA. In fact, they are currently the leading BNPL (buy now, pay later, a.k.a. invoicing/crediting) provider, holding 29% of market share, ahead of “PayPal Credit” with 24.2% market share, according to fresh Wappalyzer analytics. Just like PayPal, they are collecting shopping habits.

These companies are becoming unavoidable if you want to buy something online. Even when you want to pay for something with a debit card, with money going straight from your bank account to the seller’s account, via the payment processor of course. So even when you don’t buy with a credit/invoicing/BNPL, you still can’t avoid them and they will keep collecting your shopping habits until more people wake up and start protesting.

Just like you say about PayPal, when you buy something on a site that uses Klarna Checkout, your credit card information is safe with them (at the expense of your shopping habits). Credit card information is not stored on the site you’re buying from. It’s too big of a risk for the sellers to handle that sort of data themselves. I think that may even be against the law, they need to be accredited to handle that themselves. That’s why payment processing companies exist. Both PayPal and Klarna can fill in for that. But they are not the only ones.

PayEx is another example! PayPal, Klarna… these are all different buckets you place your trust in when you shop online. They are not the ones you’re buying from. But they handle the transactions and the relevant data. I personally like PayEx. They don’t ask any questions, like what my street address is, what my phone number is and so on. They purely focus on the actual banking transaction, like a bank would. The rest of the stuff, like what my phone number is, is left to the site to decide if they should make it a mandatory field when I place an order. I can’t elect to buy with PayEx, because unlike PayPal, they act in the background, and you will not even notice you’re relying on them to do the processing if you don’t pay attention to the page footer and the logos at checkout.

There are more examples like PayEx. There is one that I think may be a global payment processor, something responsible for all MasterCard or Visa transactions, something I have only noticed in my network activity when I buy something online. I don’t remember the exact name… it’s like “Acrot”… or something like that. I can almost guarantee it their domain name will appear in your network logs when you make a payment online. I know the name reminded me of an old British computer company.

So basically, if a seller/site is stuffing credit card information, they are doing it the wrong way. It should never be stored with them. But I know many will offer you the option, like “would you like us to save this card for you, so you can shop more easily the next time?” Making your life “easier”, one step at a time.

I’m not familiar with Swappa. But what you said about seller having to enable this reminded me of Klarna. I think it’s similar or the same with PayPal. It all depends on how it’s implemented. It’s good that the sellers have these options, different ways of implementing these solutions, but if it were up to me, I would make them all default to an implementation that collects least amount of data and least hostile against consumers. Minimal knowledge, if not zero knowledge!

Because what it comes down to is that these big companies are acting like financial funnels, they are forcing themselves on sellers, sites and marketplaces. They either give them a “good deal” they can’t resist and then take over their entire register, to “make it easy” on them, or otherwise. Let’s face it… most small sellers don’t know much about these intricacies of technology, they just want to sell something and make a buck/dollar.

Then you need to look for an alternative that will let you create disposable card numbers. To tell you the truth, this is the main reason I signed up for Revolut.

The reason you may not know what to compare PayPal with is because their counterparts work in the background when you go to the checkout page of a site you’re shopping on, and they don’t collect more data than they need on you to finalize the transaction. You may want to read my other comment for more context on this.

Thank you for clarifying. I know the feeling. In my country, it is now enforced by law to register a prepaid SIM card to a social security number. All in the name of stopping criminals. The government is at least 5 years too late with that, the criminals have already moved on to E2EE chat apps like EncroChat. They only ended up damaging privacy concerned people, financially aware people who don’t want to fall in the trap of having a telco contract, and old-fashioned journalists who used prepaid cards to stay anonymous. But you know what they say… if you have nothing to hide… then you have nothing to worry about. Yeah, right!

I would still recommend finding an alternative to Revolut that lets you create disposable card numbers. But be aware, that you still need to sign up for that service, and you are placing your trust in that company. With Revolut, I had to give away a photo copy of my passport to get in. They are a payment provider, although they are awaiting British banking license. They need to follow the KYC laws like everyone else. My point is, you have to give away some of your privacy at some point and to someone.

If you fail to find a service like Revolut, then I would suggest you go with a prepaid card. That should be good enough. I have heard of these before, but we don’t have them where I live. I think they existed last time in 2004 or so, a long time ago. We hardly use any cash here anymore. If it’s not Visa or MasterCard debit/credit cards, then it’s some sort of digital payment solution, and there are several. But I like old school stuff like prepaid cards. Or even cash! But cash is not accepted online unfortunately.

I don’t. I log out and I don’t log in unless I have to. But as I recall it, both PayPal and Klarna Checkout have that option to “remember me”, and that then gets applied to all the sites that use the same payment solution and specifically that particular “Checkout” implementation. It is enabled by default. All to “make your life easier”, or rather, make your wallet lighter. So you have to opt out if you don’t want it (of course I don’t). They are devious like that.

So, according to everyone what was the consensus?

According to my research, Privacy Guides recommends cash and gift cards for anonymity, and “payment masking services” behind the previous methods for: “These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and not for making a purchase completely anonymously.”

According to your post, payment masking services aren’t available in your country. From what I gathered, Privacy Guides actually recommends using your bank as a payment masking service if possible: “Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information.”

So, according to what I have learned, check if your bank offers a “virtual card”. My bank is Westpac, so I came across the following website:

I had to download the Westpac app (as it says above) and then I got a “digital card”, which Westpac says: “Dynamic CVC reduces the risk of fraudulent card activity by 80% as it refreshes your Westpac Digital Card’s 3-digit security number every 24 hours – making your card details even more secure.”

My question is, is this digital card a payment masking services, i.e., a virtual card? Is a virtual card the same as a payment masking service?

This might be more secure, but it doesn’t increase your privacy because your card number will still be the same across merchants, and that’s what’s used as a tracking identifier. You need a full unique virtual card number to mitigate cross-merchant tracking.

Could you propose a solution? Also, doesn’t having a randomised card make it impossible for scammers to use your actual card to steal your money?

Better to use credit card payments only. Data is only generated with your banks.

Paypal will take the money from the bank, sometimes tell the bank to where, etc, and now you have the bank + paypal knowing.

Paypal is there to make purchases faster. Privacy was never in the equation.