In 2013 I lost my credit card and requested  a new one. At the time of ordering the new card, I explicitly requested one without any non-contact payment system “NFC” (Near Field Communication). On one hand, because I am not interested in such a technology (which can favor spontaneous and uncontrolled purchases,   generating debts, especially among young  people);  but especially, because  this technology    is  not safe   at all, it can be easily  hacked   from  a distance  and,  depending  on the general conditions  of the credit card  provider, up to 120 Swiss Francs  paid abusively  using this technology  can be requested  from the cardholder,  even  if he or she can prove that he or she acted using all necessary precautions. The legality of such a practice is very suspicious in my opinion, but who will file a lawsuit for 120 Swiss Francs?*

Therefore, the owner of such a credit card now becomes blocked and assumes responsibility by a technology that can hack his/her data, with consequences that can be costly for him/her and was not requested.

Nothing would  be   more legitimate  for  the owner  than to  be able to  give  up using this kind  of technology   if  he/ she is  not interested  in using it.  But the problem   is,  due to my  credit  card issuer  ( Visa,  in connection  with the Cantonal Bank of Vaud), it is impossible  to obtain a card that does not have such features already installed. The card issuer has thus chosen to equip them with technologies that open a security breach, but the assumption  of risks lies solely with the consumer.

This is not the most frightening point of the story: in order to avoid fraud, Visa advised me to wrap my credit card with an aluminum  foil, as evidence  that the provider itself does not really trust the technology  it imposes. So I’ve adopted a small anti-hacking security bag with what I had at hand (see photo – Laurent  I assume  you have the photo). I am relaxed, even if my work does not look very solid and I have to replace it regularly…

So,  in order to  protect  us from the risks coming  from  the state-of-the-art technology, we are compelled  to use a product  that has been  in the kitchen drawer for many decades! This unimaginable  story is of interest in the concept of “Control by Design” – control starting from design  – which gives the owner of a connected  object the inalienable right to disconnect  it from any network.

In this particular case,  the owner of a credit card should have the right to disconnect it from the NFC system, wherever and whenever he/she wishes.

If  in turn,  it  proves  that  the owner  considers  this method  of payment  as advantageous and is ready to take the risk of being hacked, it is his/her judgment and can decide so freely.

But if the owner  is not willing to take any risk, he or she should also have the possibility to decide  to do so freely. Data  security  accountability  would  then become  the sole responsibility of the card issuer, which should offer customers the possibility to renounce the NFC technology.

I   hope that the Swiss Government  will quickly  implement  my  motion of “Control  by Design” (1),  which  was accepted  by the National  Council,  in December 2014.

Translated from the original in French

SHARE

Other Magazines