In 2013 I lost my credit card and requested a new one. At the time of ordering the new card, I explicitly requested one without any non-contact payment system “NFC” (Near Field Communication). On one hand, because I am not interested in such a technology (which can favor spontaneous and uncontrolled purchases, generating debts, especially among young people); but especially, because this technology is not safe at all, it can be easily hacked from a distance and, depending on the general conditions of the credit card provider, up to 120 Swiss Francs paid abusively using this technology can be requested from the cardholder, even if he or she can prove that he or she acted using all necessary precautions. The legality of such a practice is very suspicious in my opinion, but who will file a lawsuit for 120 Swiss Francs?*
Therefore, the owner of such a credit card now becomes blocked and assumes responsibility by a technology that can hack his/her data, with consequences that can be costly for him/her and was not requested.
Nothing would be more legitimate for the owner than to be able to give up using this kind of technology if he/ she is not interested in using it. But the problem is, due to my credit card issuer ( Visa, in connection with the Cantonal Bank of Vaud), it is impossible to obtain a card that does not have such features already installed. The card issuer has thus chosen to equip them with technologies that open a security breach, but the assumption of risks lies solely with the consumer.
This is not the most frightening point of the story: in order to avoid fraud, Visa advised me to wrap my credit card with an aluminum foil, as evidence that the provider itself does not really trust the technology it imposes. So I’ve adopted a small anti-hacking security bag with what I had at hand (see photo – Laurent I assume you have the photo). I am relaxed, even if my work does not look very solid and I have to replace it regularly…
So, in order to protect us from the risks coming from the state-of-the-art technology, we are compelled to use a product that has been in the kitchen drawer for many decades! This unimaginable story is of interest in the concept of “Control by Design” – control starting from design – which gives the owner of a connected object the inalienable right to disconnect it from any network.
In this particular case, the owner of a credit card should have the right to disconnect it from the NFC system, wherever and whenever he/she wishes.
If in turn, it proves that the owner considers this method of payment as advantageous and is ready to take the risk of being hacked, it is his/her judgment and can decide so freely.
But if the owner is not willing to take any risk, he or she should also have the possibility to decide to do so freely. Data security accountability would then become the sole responsibility of the card issuer, which should offer customers the possibility to renounce the NFC technology.
I hope that the Swiss Government will quickly implement my motion of “Control by Design” (1), which was accepted by the National Council, in December 2014.
Translated from the original in French