This year's Times Square Ball Drop marked not only the end of 2025, but also the end of the MetroCard. Now, New Yorkers must use their credit, debit, or One Metro New York (OMNY) card to navigate the city aboard Metropolitan Transportation Authority (MTA) trains and buses. While some residents welcome the transition away from the notoriously finicky MetroCard, the speed and convenience of the OMNY system comes at a cost: privacy.
While only 4 percent of fares were paid via OMNY before the pandemic, usage quintupled by 2021, and the Spring 2025 Customers Count Survey showed more than half of subway riders primarily used OMNY—84 percent of whom reported satisfaction with the payment option. Only 30 percent used a pay-per-ride or unlimited MetroCard, according to the survey.
Like its predecessor, passengers may transfer money to a physical OMNY card using cash or card at machines located throughout the subway system and at some retailers. Like MetroCards, OMNY can be used anonymously when purchased and reloaded with cash.
Unlike the MetroCard, additional value may be added to the OMNY card by linking it to an online account. Creating an account requires a name and cellphone number. Users may also opt to connect their OMNY account directly to their bank account, trading anonymity for avoiding the hassle of manually adding value to their OMNY card.
Another worrisome feature of the OMNY system is its trip history, which catalogs the date, time, product type, and fare of every OMNY card tap. The Surveillance Technology Oversight Project, a nonprofit privacy advocacy and legal group, published a white paper in October 2019 warning that the data collected by OMNY, which includes the "location of the card reader and the time and date of a tap," would allow the MTA "to map each rider's travels around New York City."
Although OMNY's interface appears limited, Reddit users reported that trip history also included location information—subway station and bus number—as recently as September 2025. To make matters worse, neither an account nor login credentials are needed to access this information for the past seven days of activity. A week's worth of trip history accumulated by tapping your debit or credit card can be accessed by anyone who obtains a card number and expiration date.
OMNY's own terms of use state that the company will furnish the less-than-confidential information it collects to government officials not only in response to a subpoena but also in response to any "discovery request, court order, or any other type of request or requirement of a governmental body [that] requires that such Confidential Information be produced or disclosed."
Fourth Amendment concerns regarding OMNY's disclosure policy prompted state Sen. Kristen Gonzalez (D–Manhattan) to introduce S.B. S4886A in February 2025 to "to provide protection and data privacy for individuals using the OMNY program."
Under the current OMNY regime, the only way to avoid ride information being collected and possibly shared with the New York Police Department is to buy and add value to a physical OMNY card with cash.
The information collected by OMNY is not quite as detailed as the start- and end-stop location data collected by the Washington Metropolitan Area Transit Authority (WMATA). The MTA collects the full fare at the point of entry and, unlike WMATA, collects no information upon exit.
For half a century before the MetroCard monopoly (the system debuted in 1994 and became the sole key to the subway and bus system from May 2003 to May 2019), a series of metal tokens were used instead. Before tokens, turnstiles received dimes (1948–1953) or nickels (1920–1948). Preceding coins were paper tickets purchased from booth agents and presented to gate attendants.
While heavier and more cumbersome than a card, the nickel-and-dime era was the most privacy-respecting epoch for public transportation in the Big Apple. It was the only time a move from one payment system to another increased both convenience and anonymity.
The post NYC Transit Just Got Rid of MetroCards for Fares. The Successor Could Put Your Privacy at Risk. appeared first on Reason.com.
