[Dave Birch] As the whole TJX matter trundles toward a settlement, it does serve to remind us that cost is not the only area for dispute between banks and retailers at the moment. There’s also security. In the U.S., the National Retail Federation has already launched a campaign to get credit card companies to permit retailers to not store credit card numbers and have the details stored by the issuers instead (so, perhaps, the merchant has some sort of reference number that gives them access to the data for transaction purposes). The NRF say:

It makes more sense for credit card companies to protect their data from thieves by keeping it in a relatively few secure locations than to expect millions of merchants scattered across the nation to lock up their data for them.

This seems fair enough. But would it solve the problem, or would it just mean that a data breach would result in more (and more accurate) data being stolen? Either way, it seems unlikely that it would mean no more breaches at all, even if the House of Commons Justice Committee gets its wish to criminalise data breaches.


This is a stonewall prediction, because absolute security costs infinite amounts of money, which neither banks nor retailers have. Anyway, even if systems are built securely, people always make mistakes. Last month, a Georgia man was notified that he had a negative balance of $211 trillion in his Wachovia bank account. His overdraft makes the U.S. national debt, which is only slightly over $9 trillion, seem like small change. Luckily for him, Wachovia reports that the balance was caused by “an isolated banking error”, and that of course he would not have to pay any overdraft charges. Apparently the error was that his account number was entered in place of his balance. Like the $218 trillion phone bill we saw in 2006, why are errors of this magnitude not caught by some sort of bounds checking algorithm in the bank’s software? Furthermore, if an error this size gets through all of the checks and balances, then what other, less noticeable errors are falling through the cracks every day?

I hate to sound like an old fart, but in my day I’d like to think that this wouldn’t have happened — I blame object-oriented web 2.0 C doubleplus-good or whatever it is the kids use today. It’s been many years since I wrote any code, but I would have thought that an occasional bounds check might be appropriate from time to time, wouldn’t you? Don’t the banks have some ready reckoner for this, such as “if a personal overdraft is greater than 25 times the TOTAL NATIONAL DEBT, then double check it?” or something like that.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public
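The kind of "ready reckoner" asked for above, sketched as an added example that is not part of the original post and not any bank's code. The thresholds, function names and account numbers are assumptions constructed for illustration; the second case shows why an absolute bound alone misses a field mix-up with a shorter account number.

```python
from decimal import Decimal

# Assumed policy values for illustration; a real institution would set its own.
MAX_PLAUSIBLE_BALANCE = Decimal("1000000000")  # absolute ceiling, personal account
MAX_STEP_RATIO = Decimal("1000")               # largest believable jump vs. previous
MIN_BASELINE = Decimal("100")                  # floor so tiny balances don't trip the ratio


def digits(value) -> str:
    """Digits only, so an amount such as -48213377.00 can be compared to an account number."""
    text = format(value, "f") if isinstance(value, Decimal) else str(value)
    return "".join(ch for ch in text if ch.isdigit())


def check_balance_update(account_number: str, previous: Decimal, new: Decimal) -> list[str]:
    """Return reasons to hold a balance update for review (empty list = accept)."""
    reasons = []
    # 1. Plain bounds check: no personal account is this large in either direction.
    if abs(new) > MAX_PLAUSIBLE_BALANCE:
        reasons.append("out_of_bounds")
    # 2. Field mix-up: the amount's digits begin with the account number's digits.
    acct = digits(account_number)
    if len(acct) >= 6 and digits(new).startswith(acct):
        reasons.append("matches_account_number")
    # 3. Relative check: the change is wildly out of scale with the account's history.
    baseline = max(abs(previous), MIN_BASELINE)
    if abs(new - previous) > baseline * MAX_STEP_RATIO:
        reasons.append("implausible_jump")
    return reasons


if __name__ == "__main__":
    # Constructed sample updates: (account number, previous balance, new balance).
    samples = [
        ("211010028257303", Decimal("1520.44"), Decimal("-211010028257303")),
        ("48213377", Decimal("1520.44"), Decimal("48213377.00")),
        ("1000123456", Decimal("1520.44"), Decimal("1270.44")),
    ]
    for acct, prev, new in samples:
        print(acct, new, check_balance_update(acct, prev, new) or "accept")
```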

1 comment

  1. “occasional bounds check might be appropriate” also for dodgy spam comments…. example above!
    Happy New Year to you
    [Dave Birch] Happy New Year to you and yours as well.
