Both of my credit cards have been replaced (without any request from me) with new versions which have a wireless, authentication-less, confirmation-less, and protection-less systems called either Mastercard PayPass or Visa PayWave.
I’ve never understood the old american system where your card number alone can be used to take money from you. Yes – it is your money and not the bank’s since the burden of noticing and proving that you weren’t at fault was ultimately your responsibility.
Finally in Canada we got a better system (catching up with the europeans) where (shock!) entering a pin is required to allow someone to take money from your account.
And then we went back an era in security time to a system where your card doesn’t even need to be visible, information is wirelessly read from it and used.. however the reader wants to use it, with some limits like 100$ per transaction. I will dare presume this was done because a typical moron is too lazy to insert a card, type in a pin, and wait for verification.
Not only that, but it turns out that your name, credit card number, and expiry date can apparently be read from your card using a 10$ device. Shockingly stupid.
More shocking? Read through this or this thread. It’s incredible how many people will claim (clearly without thinking it through) that this system is more secure! Trying to understand how they arrive to that conclusion and doing some research I figured it out:
- They don’t understand that chip&pin and PayPass/PayWave are unrelated technologies, and they assume that you must have both or else go back to the magnetic stripe. Clearly false, and I know that for a fact because for at least 2 years I had credit cards from both companies that had chip&pin but no radio functionality at all.
- They take the bank’s word for “you will not be held responsible for fraudulent transactions”. Really? Have you read a credit card statement recently? How many of the transactions on there can you tell with certainty where they came from? I recall once my card number was used fraudulently (without the PIN of course, why would you require a pin) at York University. I happened to work at Seneca, at the campus shared with York university. It took me a long time to figure out that I really didn’t pay 75$ at the admissions office there, partially because the bank insisted it could have been for something not admissions-related such as parking.
- They also parrot the MasterCard and Visa statements that “this technology is extremely secure and the information such as your name and credit card number is useless to thieves”. Aha? Another time when my credit card was misused (again, without a PIN, cause who needs that) someone bought over 1000$ worth of furniture and Caribbean trips from Sears. The bank noticed and I wasn’t held responsible but my card had top be destroyed and I spent about an hour on the phone with them and it took a lot of arithmetic over a couple of statements to confirm that I didn’t get charged for this misuse. Stress on top of stress.
Credit cards generally are a retarded idea. They allow you to spend money you don’t have. Extremely convenient – pay online and anywhere else, interest-free for a month, with no transaction fees, but do you know why is so convenient? It’s because of the incredible number of poor schmucks who end up buying too much stuff with money that’s not their own and end up paying nearly-illegally-large interest fees on it.
In principle I don’t necessarily mind that some dumbass is paying for my convenience, but I do mind when the card makers force an incredibly insecure payment system down my throat.
What can I do about it? Cancel all my cards? You know perfectly well that would mean I would not be able to rent a car or a pair of skis or do a number of other things that really have nothing to do with credit. I have to accept that some otherwise-perfectly-reasonable companies were sold the idea that a credit card should be requirement even when no credit is needed.
So what I’ll probably do is: try to find a good RFID-blocking wallet and use the credit card even less than I’m using it now (i.e. almost never). It will be hard because I’m quite picky about my wallets, they looked like the same leather wallet for the last 20 years, but there are a number of options available and the credit cards aren’t the only RFID concern, so I’ll deal with it.
I guess that won’t be teaching the companies a lesson, that’s exactly what they want (fewer savvy users and more sloppy spenders), but so be it.
16 October 2014 update:
My new bank account came with a visa card. It’s a debit card but I think it can be used as a credit card (online) or at least that’s the idea. Anyway the reason I mention it here is it also came with the PayWave crap but I asked the teller at the bank to disable it and she said no problem, did it immediately.
So I guess it’s not a technical hurdle to disable that shit, it’s clearly a policy that Visa decided to push on, most likely in an attempt to get people to spend more easier faster.