Is The Switch’s Card-Saving Change Really A Good Idea?

If there’s one thing I’ve learned in this life, it’s that when users have a choice between convenience and security, they pick convenience every single time.

When the Nintendo Switch first came out, its eShop did not include an option to save a person’s credit card information for future purchases. It’s a feature that most e-commerce sites include and most consumers have come to expect, and thus Nintendo took a lot of heat for leaving out what seemed like an obvious feature. Fast forward to the present, and Nintendo recent eShop update (which adds a card-saving feature) is being met with sighs of relief and cries of “What took you so long?” Most people view this move as a Good Thing™since it makes purchasing eShop games a lot easier…but is there a downside to this decision?

As I discussed previously, the Switch is a potential (but poor) candidate for being used to spy on its user’s daily activities. However, there are lots of other reasons why someone would steal or hack a device, and perhaps the biggest reason of all is to obtain sensitive information (personal, financial, etc.) that the attacker could then use for their personal benefit. If the Switch starts saving credit card numbers and similar data, its value as a hacking target increases substantially.

After digging into the issue a bit, I’m afraid that it’s good news/bad news time once again, and it’s mostly bad:

  • It’s unclear exactly where your credit card data is stored once it is saved on the Switch. On one hand, there are strong hints that this data is stored “in the cloud” (i.e., somewhere on Nintendo’s servers) rather than the Switch itself: Nintendo has explicitly stated that credit card data is never saved directly on the Wii U or any member of the 3DS family, while also saying that “information stored on your Nintendo Account [via the Switch] can also be used for off-device purchases.” However, I can’t find a definitive statement from Nintendo saying the data is not stored on the Switch itself. It’s good news if the data is truly not saved on the actual hardware, but it’s worth noting that gaming companies don’t have a great track record of protecting data on their own servers (recall the 2011 Sony hack).
  • Speaking of server-side storage: As Polygon user VioletP notes, we also know nothing about how the credit card data is stored. Is this data encrypted in any way, or is it stored in plaintext for the world to see? (If you think that would be an obvious decision for any company, think again.) What sort of legal protections/regulations affect this data? (Do we even know which country, as thus which legal system, has jurisdiction over this data?) Until Nintendo becomes a bit more transparent on issues like this, we have to assume that this is bad news.
  • The Switch’s authentication infrastructure is a large step backwards from the Wii U (and most other e-commerce sites). Users are encouraged to put in Switch in sleep mode when not in use instead of turning the device off outright, and the only thing the system asks you to do when woken up is hit the same button three times (and I doubt they’re doing any machine learning to discern the true owner’s button-mashing style). Even worse, as you can see at the 1:30 mark in the above GameXplain video, the Switch’s eShop gives you the option of not having to enter your Nintendo Account password to confirm purchases, so any random user can just pick up your console and use your information to buy games. While the damage is limited to unauthorized eShop purchases, it’s still really bad news.
  • The Switch was hacked within days of its release, and it was done via an known iOS exploit. This indicates a lack of awareness and/or commitment to security during the development of this device, which is a huge red flag. Nintendo has since announced a bug bounty program aimed at discovering vulnerabilities in its hardware, but the fact that known bugs wound up in the system from the start is bad news for any data that might be living on it.

Thankfully, security-conscious users still have the option of not saving their credit card data and avoiding this thicket of uncertainty, and this is the strategy that I would recommend. (Seriously, how much time do you actually save through this change? Thirty seconds? A minute? Is that really worth putting your financial data at risk?) The fact is, however, is that most users will click that check box with a smile, thinking about the precious seconds they’ll save buying Puyo Puyo Tetris while also making it easier for unauthorized individuals to do the same thing. (But hey, at least the Switch isn’t storing your health care data…until the next Wii Fit game comes out.)

In short, Nintendo needs to be more forthcoming about the wheres, whys, and hows regarding user data, and beef up its authentication framework around the device as well. Until that time comes, we have to assume that saving any important data on the Switch is a bad, bad, bad idea.