I’ve been thinking about how to conduct online shopping. I’m not thrilled about the idea of buying gift cards with crypto for a couple of reasons, and using cash to buy them at the store seems like a giant pain. But I’ve noticed that every online shop I visit. So what about buying a gift card using a credit or debit card, and then using that gift card to buy whatever it is I want?
The idea is that the shop only sees a purchase made with a giftcard paid for by a card they don’t know all the details of, since by my understanding, businesses are required to get rid of all credit card data on a receipt except the last 4 digits to prevent identity theft, and my bank only sees me buying a gift card to a certain shop, so nobody has the full picture. Does this work for what I’m trying to do, or is there something I’m not accounting for?
It depends on your threat model. Your proposal basically summarizes the purpose of a company like privacy.com but with gift cards instead.
If you need to hide your purchase, someone can easily figure out that you bought a gift card that was conveniently use for another purchase. At least with cash or crypto, it helps obscures your purchase a bit.
If you’re just trying to avoid sharing your credit card info everywhere, then these steps might make sense? But at that point, you might as well rely on privacy.com instead of buying gift cards repeatedly.
On the tools page, it says payment masking services don’t hide anything from the bank. Does that mean the bank can clearly see every purchase I make with a service, or just that they’ll see whenever I move money to it?
It’s important to note that these financial services are not anonymous and are subject to “Know Your Customer” (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and not for making a purchase completely anonymously.
Key concept here are KYC laws. The bank knows that you sent a payment to the payment masking service, but the payment masking service knows about your subsquent online shopping activity.
Lets compare it to your idea. When purchasing an online giftcard, the bank knows that you bought a gift card and the vendor knows that you used a gift card. Since this transaction is conducted online, it is very easy to deduce that you utilized that gift card if your threat model involves a government actor. Otherwise, you shouldn’t be too worried about these type of things.
If this is a concern for you, I highly recommend you learn about fingerprinting.
If you’re talking about browser fingerprinting, I already know about that and use Mullvad browser+VPN. If not, please elaborate on what you’re referring to
For gift cards, when you go online to check the balance, it also shows the line-item purchases. The bank that underwrites that gift card knows everything that was purchased with that card. I can’t say for sure if they know your real name from when you bought the gift card with your real credit card or from filling out your real name for online purchases, but I would bet they can figure it out. Also, for example, if you buy a visa gift card with a visa credit card, then visa knows everything.
If you’re just trying to hide certain online purchases from your wife, then you’re fine with buying gift cards with your credit card (assuming she doesn’t ask about the gift cards). But any government authority can easily trace those purchases back to you if they bother to check.
