Revolut virtual cards: what they do and what they don't

Ask in any privacy forum what UK users should use instead of Privacy.com, and the answer is almost always Revolut. Revolut offers disposable virtual card numbers. The card number changes with each transaction. That sounds like the same mechanism.

It is not.

Understanding the difference tells you exactly what virtual cards can and cannot protect, and why the gap in the UK market is real.

What Revolut's virtual cards actually do

Revolut's disposable virtual card feature generates a new 16-digit card number for each transaction. Once used, the number expires. A merchant who stores that number cannot use it again. If Revolut's systems are breached, the exposed numbers are already dead.

This is a genuine security benefit. It reduces fraud risk from card number theft.

What it does not do is change the identity attached to those numbers.

Revolut issues every card number, standard or disposable, in your real name, against your verified Revolut account. When a merchant processes a Revolut virtual card transaction, the name on the card is yours. The billing details are yours. Revolut knows exactly who you are and what you bought.

The card number changes. The identity does not.

Why this matters for payment privacy

The goal of payment identity privacy is not to prevent card number reuse. It is to prevent building a profile that links your purchases to your identity across merchants and over time.

A disposable card number issued in your real name still creates that link. The merchant receives your name at checkout. Your purchase is recorded against your identity. If that merchant shares transaction data with analytics firms or data brokers, which many do, your real name travels with it.

Carissa Véliz argues in Privacy is Power (Ch. 1) that everyday commercial transactions are the primary mechanism by which personal data enters the commercial surveillance economy. The problem is not the card number. It is the identity the card number carries. A new number with the same identity attached solves a fraud problem. It does not solve an identity problem.

Where the rotation stops working at all

The rotation has another limit most users discover the hard way. Revolut's disposable virtual cards are classified at the payment-network level as prepaid. Many subscription and trial merchants decline prepaid cards as a matter of policy, because prepaid balances can run out mid-subscription and because fraud rates on prepaid instruments are historically higher. Streaming services, gym memberships, SaaS tools, and most free-trial checkouts apply this policy.

This means Revolut's disposable card does not work for the use case most readers wanted it for. You cannot protect a Netflix subscription by rotating the card number each month, because the card is declined at sign-up.

The issue is structural. A card classified as prepaid cannot reliably serve the subscription-protection use case no matter what else the product does well.

What Revolut does with your data

Revolut updated its privacy policy on 12 November 2019 to share user data with credit bureaus, social media companies, and analytics firms by default. Existing users were opted in automatically and had to contact Revolut to opt out. The Irish Data Protection Commissioner contacted Revolut at the time to raise questions about GDPR compliance, as Silicon Republic reported.

The current Revolut UK privacy policy confirms that personal data may be shared with social media providers for advertising purposes, and that opt-out is the mechanism the user must actively invoke.

A 2020 technical investigation by security researcher Hugo Batista captured Facebook SDK network calls firing from the Revolut app even after the social-media opt-out toggle had been switched off in app settings. The discrepancy between the stated opt-out mechanism and observed application behaviour has not been formally addressed.

A virtual card service that uses your transaction data for advertising is not a privacy product. It is a financial product that happens to issue disposable card numbers.

The specific problem Revolut does not solve

The Privacy Guides community's position on Revolut is consistent and correct. When asked whether Revolut's virtual cards provide meaningful payment privacy, the answer is plain: they do not. Revolut's virtual cards address security, not identity.

Your card number is a persistent identifier that links your purchases into a profile. That profile reveals, over time, your health conditions, your spending habits, your political and religious activities, your financial situation. Merchants store it. Data brokers buy it. Insurance companies price risk against it.

A disposable card number does reduce its utility to a thief. It does not remove the identity link from the transaction. Your name was still on that card. The purchase was still recorded against you.

What user-controlled tokenisation actually requires

The card industry already uses tokenisation for security. Apple Pay and Google Pay replace your real card number with a device-specific token. The merchant never sees your actual card number. This is a meaningful improvement.

The limitation is that the token is persistent. The same token appears across every Apple Pay transaction you make with that card. Merchants who accept Apple Pay can still build a cross-merchant profile over time.

No UK option offers user-controlled tokenisation: a card number that is genuinely unlinkable, not just expiring, but disconnected from your real identity at the merchant level. The merchant receives a confirmed payment. Your real card number, your name, and your purchase history are withheld.

That is what eigin is being built to provide.

The waitlist is open for UK residents. Join it here.