The Ultimate Privacy Visa Card! Payy Uses Zero-Knowledge Proofs to Upgrade Stablecoin Spending
GM,
After the passage of the GENIUS 1 Act in the United States, stablecoins have become the hottest new startup trend. Some players are issuing stablecoins and pocketing 2 the yield themselves. Others are building dedicated blockchains to meet the speed requirements of everyday payments 3. But for people in Taiwan, what feels most tangible is still a reliable stablecoin payment card.
Previously, I recommended the Etherfi payment card, which emphasizes self-custody of assets and offers a 3% cryptocurrency cashback across all channels 4. It quickly became the go-to payment option for many. However, I recently discovered its fatal flaw: insufficient privacy protection. The focus of this article, the Payy Card issued by Payy, is also a self-custodied Visa card, but the key difference is that it uses zero-knowledge proofs to safeguard people’s spending privacy. Here’s the referral link to apply: https://payy.link/invite/12DUCH
Transaction Privacy Leaks
Recently, some community members compiled a spending leaderboard for the Etherfi payment card using publicly available on-chain data. While the list did not name names, with deeper analysis of transaction flows—combined with ENS domains or social media accounts—bad actors could easily uncover the link between a wallet address and a user’s real-world identity. That means you don’t even need to wait for a bank statement anymore; online sleuths can run real-time spending analyses on you. This is a blatant breach of privacy and one of the biggest barriers to stablecoin payment adoption. Even worse, such privacy leaks can invite targeted phishing scams—or worse, personal safety risks.
Another use case for stablecoins is payroll. I once had a job where my salary was paid in cryptocurrency. To prevent employees from cross-checking each other’s salaries through public on-chain records, the company would first deposit funds into a centralized exchange and then distribute them internally to different employees. This remains the standard practice for many crypto startups today, which shows just how scarce effective on-chain privacy tools still are.
The good news is that there is finally a practical tool that balances both privacy and compliance. In the future, if a company wants to pay salaries in stablecoins, it can simply deposit funds into a Payy wallet and then send each employee a personalized “salary link.” Employees who have applied for Payy’s recently launched Visa card can even spend their crypto directly in daily life. Very convenient!
Zero-Knowledge Proofs
Payy describes itself as an “on-chain bank.” Its core product is a self-custodied wallet with built-in privacy features, paired with a Visa card that can be used for everyday spending. According to Payy’s introduction:
Payy integrates stablecoins, privacy-preserving blockchains, fiat on/off-ramps, payment cards, and cross-chain DeFi into a single vertical platform, serving both enterprises and consumers through one interface. The mass adoption of stablecoins will push trillions of dollars on-chain—but it also brings a major risk: all transactions will be permanently public. As on-chain data is increasingly analyzed and exploited, the demand for privacy will only grow stronger.
The Payy app itself is beautifully designed and highly intuitive—I recommend trying it out. While Payy’s basic functions (receiving and sending assets) resemble those of other crypto wallets, its underlying mechanism works in a completely different way.
Take sending as an example: Payy does not require users to enter the recipient’s wallet address. Instead, it automatically generates a payment link (or QR code). Once the recipient clicks the link, the funds are credited directly to their Payy wallet. Conversely, users can also generate a request link to ask others for payment. In most cases, Payy users never have to deal with a wallet address starting with “0x.”
Below, I’ve actually created three sample payment links as a small airdrop for the first three people to claim them. Each link can only be redeemed once—so if you’re quick, please leave the others for fellow readers. Don’t grab them all 😂
- https://payy.link/s/#5nwCv6BcC9Mmv5tPYU2mKPQvye8AfezciDKFY8nvQqXfDsgvCP
- https://payy.link/s/#6EayLuEyAZRAiGpHd2SHaNMLVbduYAfSEhyubVoZUBBC5N6jgj
- https://payy.link/s/#4w8uX8mfkcBhcGttJ4sNzroeqYA8h4oGexUqMMmrQpqAXREuZh
This design stems from the personal experience of Payy founder Sid Gandhi. After visiting high-inflation countries like Turkey and Argentina, Gandhi noticed that locals immediately convert their salaries into stablecoins to avoid depreciation, then gradually exchange back into local currency as needed for expenses. By contrast, in Europe and the U.S., stablecoins are primarily limited to exchanges, with almost no applications built for everyday payments—let alone ones that account for privacy. Payy’s founding mission is to create a wallet truly built for spending, while safeguarding consumer privacy.
Behind the Payy wallet lies quite a bit of “technical magic.” Imagine I go buy a cup of coffee with my bank account. My account transfers $100 to the coffee shop, and the record is logged. Later, I buy a pair of shoes—the same account transfers another amount, and again, the transaction is linked. As long as someone knows my account number, they can list out my entire purchase history. This is how most cryptocurrency wallets work today: the account-based model.
To make tracking harder, Payy built its own privacy-focused Layer 2 blockchain, Payy Network, and adopted the UTXO (Unspent Transaction Output) model instead. This works more like cash—each unit of money is an independent digital banknote. Once spent, the note is automatically destroyed and replaced with a new one circulating in the system. In other words, banknotes never change hands directly. The system constantly burns old notes and issues new ones.
Payy stores these “digital banknotes” on users’ phones. When it’s time to spend them, the phone automatically generates a zero-knowledge proof to demonstrate to the system that “these are all genuine notes,” without publicly revealing the amount or the transaction counterparties. This achieves the magic of both buyer and seller being made whole while outsiders cannot see the transaction details.
At this point regulators will probably be uneasy. What if someone uses Payy to commit crimes? Payy already has a countermeasure: the system includes a “Transaction Lineage” mechanism. Put simply, each digital banknote carries a unique serial number. When necessary, a user can generate a zero-knowledge proof for a specific note to prove the legitimacy of the funds’ origin to a centralized exchange or regulator, without disclosing past transaction histories. Even if a user accidentally receives tainted funds, Payy can clearly distinguish them so that one bad apple won’t spoil the whole barrel.
Even with the recently issued Visa payment card, Payy carefully addresses transaction privacy concerns. For every swipe, Payy first uses the UTXO mechanism to transfer funds into a brand-new wallet, then sends them out only after privacy isolation is in place. This way, even Visa—despite having access to the user’s KYC information—cannot trace back on-chain transfers to the user’s Payy wallet. That’s why I call it the strongest privacy-preserving Visa card!
Payy hides all these advanced mechanisms under the hood. Users don’t need to understand UTXO or zero-knowledge proofs. Even if they’ve never dealt with a 0x wallet address, they can still use it with ease. Payy also leverages “Transaction Lineage” to tackle the toughest challenges of balancing privacy and compliance, covering even the details of Visa card transactions. From a product design perspective, Payy has pushed “privacy payments” nearly to the limit. But the real question is: will users buy in? I’m not so optimistic.
Market Reality
Recently, the community has started discussing whether “stablecoins are overheated.” The chart below captures this sentiment vividly. Over the past few months, attention on stablecoins has kept rising, but actual usage has not caught up. Take myself as an example: I’ve written quite a bit about stablecoins lately, but my everyday payment habits are no different from a few months ago. Only when usage scales significantly will privacy issues truly surface.
Payy places its product focus on privacy, which is undoubtedly important in the long run. But in the short term, what drives user adoption is often subsidies. The Etherfi payment card is the clearest example. Its rapid market traction came from two key selling points:
- Self-custodied assets: solving the dreaded “exchange collapse” problem
- Positive spending rewards: 3% cashback across all merchants, more attractive than any credit card
For most people, privacy and self-custody are “defensive features”—nobody cares unless something goes wrong. Cashback, on the other hand, is an “offensive feature” that can immediately change spending behavior. Payy’s card doesn’t offer referral rewards, and its cashback is just a one-time $10. If I had to choose, I’d still use the Etherfi card for daily spending, only switching to Payy in specific cases where privacy really matters—like payroll.
Payy is well aware of this and plans to fill the gap on “offensive features.” One strategy is offering frictionless, fee-free fiat on/off ramps. Users can transfer $10 from their bank and receive 10 USDC in their Payy wallet, and vice versa. This is a direct challenge to centralized exchanges, positioning Payy as both the first mile into the market and the last mile out. Looking ahead, Payy also plans to integrate DeFi yield services and launch zkKYC identity verification 5 based on zero-knowledge proofs, so that users can truly treat it as an on-chain bank.
When this stablecoin boom began, I wondered: haven’t stablecoins already been usable for payments? But as the discussion grew, I realized there’s a whole laundry list of issues with using stablecoins in daily life. From yields monopolized by a few issuers, to transaction confirmation times that don’t fit payment needs, to transaction privacy being exposed online—solving these will take time. Still, compared to regulatory bans, technical problems are much easier to overcome.
Payy also pointed out that enabling transaction privacy requires generating zero-knowledge proofs on the phone in real time. This process demands heavy computation, and on lower-end devices it might even cause the phone to heat up. Who would’ve thought that even users’ phones would need to “upgrade” alongside stablecoins?
1 The U.S. Passes a Stablecoin Bill! Why Skip CBDCs and Still Win?
2 The Stablecoin Distribution Wars Begin! Hyperliquid Forces Out U.S. Treasury Yield Reserves
3 Stripe Builds Its Own Blockchain! The Paradox of Payment Efficiency and Decentralization
5 You Know Who I Am, But You Don’t Know Who I Am: The Zero-Knowledge Proof Magic of zkKYC
