There is no UK Privacy.com: why the gap exists and what is coming

UK users have been asking for a payment privacy tool for years. The answer they keep getting is: use Revolut. Or a prepaid card. Or Apple Pay.

None of these do what they are asking for.

This is not a niche complaint. It appears in the same forums, in the same threads, year after year. The Privacy Guides community has a thread on it from 2023. The top answer, from a moderator, is four words: "There is no option."

That answer is still accurate. Here is why, and what is being built to change it.

What UK users are actually asking for

The product referenced most often in these threads is Privacy.com, a US service that issues disposable virtual card numbers. Each number is linked to your real funding account but is not your real card number. When a merchant charges the virtual number, the transaction settles normally. The merchant receives payment confirmation and the virtual number. They do not receive your real card number.

The numbers can be locked to a single merchant, set to expire after one use, or capped at a specific amount. A subscription can be cancelled by deleting the card. A free trial can be taken with a number that expires after the first charge.

The card industry already uses something structurally identical. Apple Pay and Google Pay send a token to the merchant rather than your real card number. What these threads are asking for is user-controlled tokenisation: the same mechanism, applied at your discretion, per merchant, on your terms.

Privacy.com provides this for Americans. It does not operate outside the United States.

The gap is commercial, not legal

The most common misconception in these threads is that a product like this is somehow illegal in the UK due to anti-money laundering regulations.

It is not.

People conflate payment privacy with anonymity. They are different things. Any service issuing virtual card numbers knows exactly who you are. The privacy is at the merchant level, not the issuer level: the merchant receives a virtual number, not your identity. You are fully identified to the payment provider. The merchant is simply not the payment provider.

This is structurally identical to how Apple Pay works. Apple Pay is legal in the UK.

The reason the gap exists is economics. US interchange fees, the revenue card issuers earn on every transaction, are significantly higher than UK and EU rates, which are capped by regulation. A US service can offer virtual cards on a free tier because the interchange revenue supports it. Building the same product for the UK requires a subscription model. That is a different commercial challenge, not a legal barrier.

The gap is not a regulatory accident. It is a market that has not been served.

Why the alternatives do not work

Carissa Véliz argues in Privacy is Power that paying with cash is the most direct form of financial privacy. Cash leaves no data trail. The merchant knows you have paid. Nothing else crosses the counter. Digital payments removed that property without asking. The alternatives recommended in its place come close but do not solve the problem.

Revolut virtual cards generate a new card number for each transaction, but every number is issued in your real name. The card number changes. The identity does not. For a detailed analysis of what Revolut's virtual cards do and do not protect, read our full breakdown.

Prepaid cards provide a separate card number, which creates some distance from your main account. They do not offer merchant-locking, single-use numbers, or spend controls. They are a coarser instrument than what these threads are asking for.

Apple Pay and Google Pay tokenise your card at the device level. The token they send is persistent: the same token appears across every Apple Pay transaction you make with that card. A merchant who accepts Apple Pay multiple times from the same customer still builds a transaction record linked to a single persistent identifier. The fraud risk is reduced. The identity link is not.

The gap is real. Every thread that recommends Revolut as the answer knows it is not the answer.

What the regulatory framework already says

UK law already treats your financial data as yours.

The UK GDPR's data minimisation principle requires that organisations collect only what is strictly necessary. A merchant who stores your real card number indefinitely holds data beyond what processing a payment requires. PCI-DSS rules specifically prohibit storing the CVV after authorisation for exactly this reason.

The FCA's Consumer Duty, in force since 2023, requires firms to avoid causing foreseeable harm to consumers. A payment infrastructure that normalises indefinite storage of card numbers by merchants, creating the conditions for data breaches and cross-merchant profiling, causes foreseeable harm the regulatory framework already names.

The legal case for user-controlled payment identity is not controversial. The infrastructure to deliver it simply does not exist in the UK yet.

What eigin is building

eigin is being built to close this gap.

Virtual Visa card numbers, issued per merchant or per transaction, funded through a UK-regulated Banking-as-a-Service partner. When you pay with an eigin card, the merchant receives payment confirmation and a virtual number. Your real card number never reaches them.

Cards can be single-use, merchant-locked, or spend-capped. Subscriptions can be cancelled by deleting the card. The mechanism is the same one the card industry already uses for security, applied at the user level for privacy.

The waitlist is open for UK residents. Join it here.

---

eigin is a pre-launch UK product. This page collects expressions of interest only. Eigin is not yet authorised by the Financial Conduct Authority. No financial service is currently being offered.