About a year ago, one of my credit card companies "upgraded" two of my credit cards to include a PayPass RFID token in the card. In doing so, they automatically canceled my old card account and changed my credit card numbers (so my automatic charges failed). In my research, I have explored the security and privacy risks of RFID, mainly for a business. But these risks are not limited to the business: the same attacks can work on consumers carrying these cards in their wallets, and cards could be cloned or be made to accept fraudulent charges. Thankfully, the financial risk to the consumer is fairly minimal, as any financial loss is carried by the card issuer. Alerting and fixing any mistakes is still a responsibility of the consumer.
My complaint with the cards is that I was sent them automatically with no choice and then had tremendous hassle to get my normal cards back. I called customer service and the representative could not understand why I did not want the card. He had not been trained in how to respond to questions about the technological aspects of the card, and instead he tried to follow his (non-relevant) script about the benefits. After he finished subjecting me to that, I spoke to his manager and was able to get my old cards back. But those came with different numbers because they had to cancel the account and create a new one, which possibly impacted my credit rating.
It seems that UK banks are now experimenting with similar technology, but at least two of their citizens were dismayed (the one who got the card and the one who bothered to write the article). UK (as well as EU and Canadian) citizens seem to be more privacy-sensitive as a whole. I did not see any similar articles in the US press, beyond Mastercard assuring consumers that their technology is secure.
As consumers, the subject of the article and I are both frustrated by the lack of choice given to us by companies trying to impose experimental technology on us. Generally, I am an early adopter of technology, but I don’t appreciate the long pages of fine print that accompanied this change. As a business, what should you do about this? Explore which of your customers might be interested in trying out new technology, and get their permission to "upgrade" first! Many people won’t care, but you risk alienating those customers who do by not notifying them of the change or giving them a chance to opt out. You should at least send along a new matching wallet to go with the card.