Shopping online has become an increasingly popular activity over the past several years. The more people trusted technology, the more money they spent on online stores. Unfortunately, shopping online presents its own set of risks, including identity and credit card theft. Some new companies emerged from this need to have better protection from identity and credit card theft while other tech giants simply created a competing service. With the use of these services, we all eventually felt more secure with the idea of purchasing from online retailers driving both the adoption of these payment services and the popularity of online retail.
There’s an old adage that states “all good things must come to an end”. It seems as if online payment services are no exception to this idea. If you regularly use PayPal, Google Pay, Apple Pay, Samsung Pay, or Amazon Pay, you should know that these companies are becoming increasingly interested in controlling how you can spend your hard-earned money while collecting as much data as possible from your spending habits. Thankfully, there are newer services that solve the same problem for you while respecting your privacy more!
There has to be a two-pronged approach to assuring our online spending remains free and secure.
- Consumers must stop using services like PayPal, Google Pay, etc
- Online retailers and services must stop including these as payment options while using secure, censorship-resistant payment processing services in their place
In this post, I will touch a little on both prongs. Since this issue concerns your money, I ask that you do your own research on the topic as I am not an expert in payment processors, virtual credit cards, etc. I am merely trying to raise awareness of an issue and provide some suggestions regarding censorship and privacy.
The Problem That Needed to Be Solved
Let’s consider, for a second, why services like PayPal are particularly useful. In the modern world, shopping online has become commonplace. The idea of ordering things from the internet was slow to take off as many were concerned about security and getting scammed. Over the past decade or so, those fears have been eliminated for the most part, and most people are are not only comfortable purchasing goods and services online but do so often.The last part of any online purchase is entering payment information. This is where services like PayPal, Google Pay, etc come in. Normally, you would simply enter your credit or debit card information, billing and shipping address, and your purchase would be complete. If you shop on many sites, this means you are trusting the security of each one of those sites with not only completing the transaction but also potentially storing your payment information. Smaller sites, often times, are struggling just to stay functional, so why should we trust them with our payment information? Better yet, why should we trust a laundry list of sites with the same payment information over and over?
Thankfully, there are payment processors these days to eliminate the challenge of creating a secure checkout experience. Companies like Stripe offer APIs for developers that allow payments to be taken easily and securely for a small fee. This makes sense because the programmers at a company like Stripe do nothing but focus on payment security, laws, etc so, by using their service on your website, it is almost as if you hired a team of developers to create the most secure and feature rich payment processor available without having to pay large developer salaries.
Another option for retail websites is to integrate PayPal, Google Pay, Apple Pay, etc into their payment options. Again, this makes the checkout experience much more secure for any website with the additional convenience of filling in billing address and contact information as well. From the viewpoint of the customer, you are only giving your information to one company and they are using it to make purchases across any website in which you opt to use it. It’s a win across the board for everyone.
The gist here is:
- As a company, processing payments can be one of the most difficult parts to do correctly as it is rife with security concerns and legal liability.
- As a customer, entering your payment into many websites increases the likelihood that your information is leaked/stolen which can cause you great financial harm and inconvenience.
- Online payment processors like Stripe and services like PayPal solve both issues.
The Big Companies That Solved This Problem Have Become Predatory
Unfortunately, we live in a time where companies are taking a political stance. To me, a business should just continually improve upon their product or service and make it as widely available as possible. That’s how you make money! Instead, many companies are now getting vocal on social media about politics and have let political viewpoints change how they operate. It is beyond disgusting, and it makes little to no sense for a business to get political unless they are trying to gain power or influence outside of the realm of their regular business operations.
That said, I will not include any political conversation here about why I feel like these companies are continually becoming more anti-consumer with their practices. Instead, we will focus on the usual: privacy, security, and censorship.
In my mind, it is as simple as this: it is your money that you earned so you should be able to spend it however you see fit, PERIOD. As it turns out, some of these payment services, like PayPal, no longer share that view.
Let’s consider the case of Larry Brandt, a long-time supporter of internet freedom who used his money to fund servers to host Tor nodes. If you’re not familiar with Tor, just know that it is a network in which the internet traffic is anonymized offering additional privacy and circumvention of country-wide censorship. It is similar, in ways, to a VPN. In March 2021, Larry discovered he could not pay his server hosting company in Finland using his PayPal account anymore. PayPal’s website offered him no help, only showing a banner stating that they would no longer be providing their services to him because of the “nature of his business”. In short, PayPal decided they don’t like it when people support the Tor network so they closed Larry’s account. You can read more details HERE.
More recently, we’ve learned that PayPal is working with the ADL (Anti-Defamation League) to shut down the finances of any group the ADL deems “extremist”. Using their vocabulary always paints the situation in a more positive light. The problem with this practice is that the definition of “extremist” is not clear and will always be a moving target. Let’s say you sell T-shirts with memes or political satire on them. The ADL could decide one morning that you are an “extremist” group and have PayPal shut down your account destroying your revenue stream until you migrate your site to another solution. Maybe you sell guns and they decide they will no longer allow their service to be used for gun purchases. The possibilities here are endless, and the definition of “extremist” will never be consistent. Your business’s livelihood is at the mercy of the ADL which has become a hyper-partisan, politically motivated organization.
PayPal is the easiest to pick on right now because of the amount of news surfacing regarding their decisions to terminate accounts from their platform. Even one of PayPal’s founders, David Sacks, has spoken out about his dissatisfaction with their current direction. The fact is that companies like Google, Apple, Samsung, etc have been doing the same thing for years as well. Trusting their payment services will likely cause you the same headache, eventually. There are many reports of this type of behavior from these companies spanning the last few years, but it seems as if they are all considerably ratcheting up their restrictions lately, and we can only assume it will get substantially worse.
As I would rather spend more time writing about alternatives to these services as opposed to the problems with the mainstream services, here are some additional links that shine even more light on the issue, and you can find MANY more with a simple search (don’t use Google, though). Remember, whether you believe in the politics of an organization that is attacked by these companies is irrelevant as you could still end up in the crosshairs of these companies eventually even if you align with their politics now.
How Should We Approach Payments Online?
At this point, I hope you understand why a payment processing service is valuable to both a consumer and an online retailer or service. I also hope you get the general idea behind why it is a problem when these sorts of companies decide that it somehow their responsibility to limit where and how you can spend your money. NO ONE is going to tell me how I can spend my money except my wife, but she’s pretty liberal with letting me buy things!
This leaves us with a void to fill. Who should we trust to store our payment information and process our payments online? Well, the answer is a little complicated, but for good reason. Other than the big-tech companies who are all in favor of destroying your privacy and controlling where you can spend your money, there aren’t a lot of options. The good news for retailers is that there ARE some newer services that have seen the demand in the market for censorship-resistant payment processors and have made the early attempts to fill that void! For consumers looking to make purchases or donations without fear of ending up on a list or having a transaction blocked, there’s a different type of service I’ll cover that can be used in place of services like PayPal, Google Pay, etc.
Before I make some suggestions, I’ll add a disclaimer here to say to do your own homework! I have obviously researched this topic a bit myself as I am currently exploring my options for my own personal use from both the retailer and consumer side, but I do not have any real experience using these services yet. I feel comfortable suggesting the following services based on my findings so far, but I am not yet sure how well they work nor do I have experience to speak to security, how well they react to problems, etc.
As a Consumer, Consider Using a Virtual Credit Card
These online wallet-type services like PayPal, Apple Pay, Google Pay, etc have made shopping online almost too simple. You can just click through the checkout process of any website that integrates one of these services if you have a consumer account with them. Your address, contact info, etc can usually be auto-filled once you select the service as your payment option and your bank or card and you’ve already stored a payment method with them. At this point, there’s not much more to do than to review the transaction and submit it. It can’t get much simpler.
That simplicity has made the online shopping experience much quicker and easier, but it can also make us feel a bit trapped. I used PayPal for years and have gotten to a checkout section of a small website, saw that PayPal wasn’t an option, and questioned whether I trust this terribly built website to run my debit card. I can’t say for sure, but I think I’ve even stopped the checkout process and looked for another site with the same item before. This is one downside of using a service like PayPal.
For the sake of brevity, I’ll represent “virtual credit card” with VCC going forward.
If you want to spend money on any site and wish for the same level of security, consider a VCC service. For those of yet not familiar with what these services do, here’s a quick overview:- You create an account with them and link a bank account or credit card, much like any other payment service- When shopping online, you either open your chosen VCC app in another tab or, if applicable, open their browser extension- The service generates temporary credit card information for you. Think of this as a gift card that can only be used once.- You then enter that VCC as your payment method.- Your VCC service takes money from your linked bank account or credit card to pay for the thing you just bought with your “burner” VCC number.
In this scenario, you didn’t have to give your actual credit or debit card info to yet another vendor. Your VCC service created what you can view as a “burner” card for your purchase and used money from the account you linked to funding it. If you opted for a onetime VCC number for this purchase, that VCC is closed after the purchase is made so, even if the retailer you just purchased from has a security hole or gets hacked in the future, that number is no longer associated with your actual bank account or credit card. Using this approach, it is easy to see how this eliminates many of the risks associated with online shopping. I like to view a virtual credit card service in the same light as a password manager as not only can you just generate virtual credit cards, but there are usually browser extensions and mobile apps for many of these companies adding convenience to using them cross-platform.
After a bit of research, I opted to try Blur. They offer credit card masking as well as phone number and email masking, anti-tracking features, a password manager, and more. At the moment, I’m only interested in the payment-related features and I’m more than happy with Bitwarden as my password manager, but I might try the email and phone number masking, eventually.
The setup is simple. You register an account, add a payment method, download the browser extension and mobile app, and you’re ready to go. When you reach the checkout part of a purchase on your computer, the extension will allow you to auto-fill with a VCC. On your phone, the app does this for you.
The one thing I will say is, being that I use a COMPLETELY de-Googled phone, I use the Aurora Store for my occasional non-FOSS needs and the search functionality in the Aurora Store sucks! I could not find the Blur app through searching, so I clicked the Play Store link on their website and told my phone to use the Aurora Store to open the link. Doing this opened the Blur app page in the Aurora Store, and I could download it with no problems. I run MicroG on my phone, which is an open-source library that emulates some of the most basic functionality of Google Play Services for the sake of app compatibility and without the telemetry, but I am not sure at the moment if that is even needed to use the Blur Android app.
As a Retailer, Consider Using a Censorship-Proof Payment Processor
If you run an online storefront of any sort, you should be concerned about who you trust to handle your payment processing, especially if anything you sell or even say on social media might, someday, get you blocked by the authoritarian tech-giants. It would be difficult to take orders if your payment processor decides they no longer wish to allow purchases to your business to be completed!
Stripe is one of the major players in this field, as they have great security and can accept many payment options. Also, developers find their API easy to use. The problem here is that, while not yet a “tech giant”, Stripe is big enough to potentially fall victim to this sort of censorship practices eventually, especially if they feel pressured to do so. Aside from that concern, Stripe is an excellent choice for processing payments. In the end, you have to decide which company you trust to handle this!
There is a newer company that promises to get out of the way and simply process your payments. With a motto like “Advanced payment processing, powered by freedom”, AlignPay claims to have 24/7 support, and easy-to-use API, secure payment processing from multiple payment types, and will never sell customer PII all while promising to never pick sides. Basically, they want to do what you pay them to do; process payments and nothing else. No policing of your social media, no banning your account because you sell an offensive item. They just want to process your payments! I’m not gonna lie, their website looks like some cookie-cutter, amateur hour template. That is somewhat common for newer businesses as they just have to get something out the door quickly, though. My last day job threw together an even worse site using WordPress at first because all of our frontend developers were busy working on the products. Don’t read too much into a company having a bad website if the company is new!
Aside from AlignPay, I couldn’t find any other great options, and I tried for a while. Gab is getting into this space too, but I have little faith in them. They’ve done some interesting things with infrastructure to make themselves censorship-resistant and I commend them on that, but I question their leadership and direction.
The need for a “censorship-resistant” product is a newer one that was brought on by cancel-culture and escalated after Parler was purged from all mobile stores and even Amazon’s servers. It will take some time for more entrepreneurs to start up some more businesses of this nature. There will be more options in the future, though. I truly believe that!
Additionally, consider a payment processor that accepts cryptocurrency. I know, there's a lot of stigma surrounding crypto right now, but many folks invest in and use crypto regularly these days. There's no more private and, arguably, secure way to make and accept payments!
Buy From, Donate To, and Sell What You Want Without Fear!
No one should ever dictate what you can buy or sell as long as it is within the guidelines of the law. The fact that some of these big-tech companies think it is acceptable to selectively allow transactions to occur based on their own world-views is reprehensible, despicable, and a slippery slope that leads to less freedom for all of us.
Don’t let these companies hit you where it hurts the most: your wallet. You can still make purchases online using a virtual credit card service and keep the same security and privacy you had using services like PayPal. You can also protect your business from having your payment processor account shut down without warning. The more we opt to use services that preserve our freedoms while respecting our privacy, the more we send a message to the tech giants that we will not stand for their tyranny! Plus, competition drives innovation, and we all know that these spaces have been monopolies for too long.