Oh my, the stupid....
When Target (TGT) said last week that the personal information of 40 million of its customers had been stolen, it pointed attention toward a quirk in the U.S. credit system: American businesses haven’t adopted widely available technology that would make it far more difficult to commit credit-card fraud. And while the credit-card industry says a solution will be in place in late 2015, skeptics say the U.S. could lag global practices for much longer than that.

Yeah, that's true as far as it goes. And the crypted cards sound good, but are they good? One wonders -- is the technology actually secure, or did the NSA manage to damage the encryption in them? And if they did, then who gets hosed when it gets *****ed?

See, this is the thing about the current system -- the merchant is mostly protected. Provided the card is present and he gets a signature, it's not his problem if the card is stolen.

The bigger issue, however, is found in the so-called "regulatory" regime. If merchants were held strictly liable for data breaches, including for all damages done to a person who had their identity stolen and could trace any part of it to such a breach, you can bet they'd get a lot more careful about how they handled this data in a really, really big hurry. But they aren't, so they don't.

Despite the presence of truly-punitive fines in the merchant agreements for breaches those clauses are more show than go when it comes to large merchants -- I've never seen them imposed on said large companies in the amounts claimed to be available for assessment. On small firms, yes. Indeed, a small firm that has a security problem could find itself being "held back" as much as six months of receipts plus the contractual fine amount, which as you might imagine would put them out of business instantly.
Imagine the impact on Target were it to have six months of credit card receipts impounded until not only was its problem cleaned up but also until it paid all costs of re-issue for the impacted cards and all fraud that occurred as a consequence. But that simply never happens when it's a big firm.

People point to TJX which got hammered over a somewhat-similar breach a few years ago, but the truth is that even there the fines were a paltry (in comparison to the harm) $40 million. Consider that in the TJX case at least 45.7 million card numbers were exposed; reissuing a card typically costs $2+ each, so even absent any actual fraud there was $100 million in cost associated with the data integrity problem.

We don't have a problem per-se with security. We have one with accountability -- just as we did with Subprime, just as we did with Robosigning, and just as we do today with cardholder security. When you are not held fully accountable for the costs you impose on others it becomes a very viable business model to fail to take due care in regard to those costs.

Source: The Market Ticker - Whah Whah Whah! (Credit Card Fraud)