It is necessary. I have been informed by banks that they force their services (such as, forbidding the offer of alternative ones).
So, those of us that refuse Visa and Mastercard (for example, refusing cards embedding NFC) now have no service available in some area, and will be monitoring for alternative solutions.
I'm curious to know why people (you?) refuse cards embedding NFC. I know a couple of people who do because there's currently no cardholder verification required when making a contactless payment, which could make your card a more attractive target for theft. Are there other reasons?
-- A radio bridge to a bank account already does not sound right.
-- Payment must need some signature: it could be a PIN, it could be that the payer hands money to the payee. It cannot be that the recipient approaches a card.
-- Technical circumvention of security systems is a possibility that overwhelms any possible benefit of "contactless" payment. Risks are created and no value is added. (Actually, less then zero: tapping the card instead of inserting it in a reader seems an unjustifiable transition.)
-- Already reading the card contents could create access to personal information (it apparently happened that some cards revealed full details).
-- Were the card stolen, the thief would be able to use it. Then you should go through bureaucracy to void those purchases - but there was no need for any such unretributed waste of energies in the first place. Nor there was a need for insurance when what you wanted was security.
-- The protocol was apparently faulty, in that transactions between card and reader always work (as if to prevent failures in case of data connection outage), and if the card was recalled the transaction is cancelled at a later stage (instead of being validated as a condition to carry on the expense).
-- In case of a major failure, good luck in winning the litigation.
-- In case of a mid-sized failure, e.g. the thief committed more transactions having gained access to the PIN, the declared policy of many banks is to put the fault on the card owner, who "must have misplaced the PIN - they all do that, don't they".
-- Unclear contract: the expense roof is 10u today, maybe 100u in the future, later 1000u - decided by the systemic side.
-- Unclear workings: proponents will often be unable to answer to simple questions such as limits in rate of expenses ("You set a limit of 10u for PIN-less expenses: what happens if somebody tries many transactions in a short timeframe? One may not fear a transaction of a 1000u, but 100 transactions worth 10u" "Ah.")
-- Vile communication, such as "it is secure because you will always keep the card with you" (this was on the website of a major player) should as always be an alarm.
I may have not remembered a few while writing, especially obvious ones.
Thank you for going to the effort of coming back to respond! I appreciate the detailed critique. There's a lot to think about here, but one thing that comes immediately to mind is that this:
> Payment must need some signature: it could be a PIN, it could be that the payer hands money to the payee. It cannot be that the recipient approaches a card.
...could be easily solved with a button on the card (like my FIDO2 key has), or, in the case of the NatWest trial, a fingerprint scanner[1] on the card itself. This would stop the card from being (accidentally/maliciously) charged by NFC through a wallet or pocket. Unfortunately, it doesn't look like NatWest continued the trial - for the moment, at least, that makes gives them the privilege of being both 'the first' and 'the last' UK bank to unveil biometric credit cards!
Im unopinionated but it’s interesting how a decisión like this may barre an individual from places like Costco, who are Visa-only, but suppose there’s cash
So, those of us that refuse Visa and Mastercard (for example, refusing cards embedding NFC) now have no service available in some area, and will be monitoring for alternative solutions.