Saturday, December 7, 2019

A way to make anonymous online donations

Paying for things online usually means giving up plenty of privacy. But this needn't always be the case. Last night I donated to a local charity via their website and didn't have to give up any of my personal information.

The trick for achieving a degree of online payments anonymity? Not bitcoin, Zcash, or Monero. I used a product created by old fashioned bankers: a non-reloadable prepaid debit card. (I wrote about these cards here and here).

Had I used a credit card or PayPal, all sorts of parties would have gotten access to my personal information including the site owner, the payments processor, my bank, the site owner's bank, the credit card networks, my partner, and many more. To get a good feel for how many different parties touch an online payment, check out this graphic by Rebecka Ricks, which shows how PayPal shares your information.

I bought my prepaid card--a Vanilla card--with $25 cash at a pharmacy. For it to be usable online I had to register it at Vanilla's website. That meant inputting my postal code. But that's all the information that Vanilla asks for. In my case I used my actual postal code, but I doubt that the system would have protested if a privacy-conscious user were to submit the wrong one.*

So at this point I've got a fully-loaded online-enabled card that has not been directly fed any information about my identity. (Note that this is how the process work in Canada. It may be different in the U.S. and elsewhere).

Next step, choose a charity. At the charity's website I entered my Vanilla debit card number, the CVV, and $10 as my amount to donate. The site also asked me to enter the name on the card. Because a prepaid card only says "For You" on it and not your name, just enter that or John Doe. Voila. Payment made:

Why on earth would anyone want to make an anonymous online donation? For my part, I was simply experimenting with my prepaid card. But I can think of several licit reasons for why people might want to donate anonymously with prepaid debit cards:
  1. Many people share bank accounts. They might not want their partner to know that they are donating to a cause that their partner might not support.
  2. A donor may not want the donee to know their identity lest the donee use it in a way that hurts the donor. For instance, if in public life I am a well-known conservative Evangelical, but I donate to a cause (say abortion education) that I privately support, I might prefer avoiding any chance that the donee leak my information in an attempt to 'out' me.
  3. I like the charity, but don't trust it or its chosen payment processors to protect my information from hackers.
  4. I don't want the charity to have my information so it can't inundate me with spam.
If non-reloadable prepaid cards can meet people's legitimate privacy needs, there is also a nefarious side to them. Anonymity allows people to evade rules about donations. For instance in Canada, there is a certain type of donation that is highly regulated: political donations. Below I've listed a few keys regulations:
  • No cash donations above $20
  • No anonymous donations above $20
  • The identities of contributors that have given $200 or more must be reported to Elections Canada, which will publish them
  • No single individual can contribute more than $1600 in a year.
Canadians have good reasons for supporting these limits. We don't want wealthy people to have an outsized influence on politicians. And we want donations to be transparent so we can see how politicians might be influenced by certain donors.

I can imagine plenty of scenarios in which motivated donors may want to break these rules. Say that a set of business owners in the restaurant industry stand to profit if the Liberal candidate wins because she supports removing regulations that increase restaurant operating costs.

After legally donating $1600 to the Liberals, some less savoury restaurant owners might want to illegally funnel more funds into party coffers. Cheques, credit cards, and other banking routes would be too risky. They establish a clear connection between the owner's identity and the donated funds.

A motivated restaurant owner can instead use $10,000 in cash to buy prepaid debit cards. They then go to the Liberal's website and donate $199.99 fifty times (for a total of $9999.50) using bogus names like John Doe, Jane Doe, etc. Since each transaction is under $200, they won't trigger the rule that requires such donations be reported to Elections Canada. And the Liberal Party probably doesn't have the capacity to cross-check each of the fifty payees to verify that they are associated with real identities.

This rinse-and-repeat strategy highlights one of the ambiguities of prepaid regulations. To reduce the potential for fraud and money laundering, regulators in Canada and the U.S. disallow non-reloadable prepaid cards with a face-value in excess of $500 (I believe that's the number). But since these cards are relatively anonymous, there's nothing preventing a would-be fraudster from using multiple cards to get around the cap.**

In any case, I'm not saying that this sort of donation fraud is occurring. But it's plausible. There's a reason that gift card and prepaid card fraud is rampant in North America. The relative anonymity that cards offer makes them a tempting tool for criminals.

As always, there is a yin/yang nature to anonymous payments. Anonymity is great when it protects well-meaning people from harm, but not so great when it protects bad people from good rules. Striking a balance is tricky.

* To access Vanilla's website, I had to disable my tracking blocker. Which means that the website probably has all sorts of processes going on in the background while a Vanilla user enters their postal code. These processes could link the user to their identity by cross-referencing the data gleaned by Vanilla's trackers against other data that has been collected elsewhere. This is probably an issue for these who want all-out privacy, and steps would have to be taken to mitigate information leakage. As they say, there is probably no such thing as pure anonymity, only degrees of anonymity. But for anyone who simply wants to enable a prepaid card in order to prevent their partner or the donee from seeing their transactions, then it's probably not a big deal.

**The way to nip donation fraud in the bud would be to require payment processors to avoid processing any prepaid debit card payment for political parties, or to limit cards to some inconvenient amount like $5 so that a rinse-and-repeat strategy is too costly to perform. It is possible that this tactic has already been adopted by payment processors.


  1. I have3 cosidred donating to one or more candidates for office in USA. But I do not wan to get on a mailing list weher I will be target of begging etc. This might be a way...

  2. One year I was feeling generous because I had a surplus of cash so I donated to a couple of organizations. One of the recipients hounded me repeatedly to donate again and I am sure they even sold my name/address to generate more income because shortly thereafter I was receiving requests from other unknown organizations to donate to their cause. I have since stopped donating under my name/address and requests have withered away. Anonymous donations are the way to go for me now. I am just sorry that a portion of the donation, albeit a small price to pay, has to go to the debit card vendor to purchase the card.