[Dave Birch] Part of my Bank Holiday reading this year was book dropped on my desk by our head of Software Development. He’d been working with a customer on helping some of their people to develop a better understanding of phishing (and similar threats) by developing a bogus web site to show how easy it is, and had been reading it on the train. The book is Zero Day Threat by Acohido and Swartz. It’s an O.K. read and at the end makes a few sensible suggestions. For example, they say that a priority is to do something about payments.

Jettisoning magnetic stripe payment cards and online authentication systems that rely soley on user names and passwords, and replacing them with technologies that actually hinder counterfeiting and impersonation — not make it mere child’s play — is also a must… In short, the credit-issuing and card-based payment systems are due for a massive overhaul that will take us beyond the current solutions now on the table.

They also go on to say that

One can only hope that political leaders will emerge to champion the greater public good, not be bulldozed by probusiness interests.

What they are saying here is that banks prefer to have payments insecure because it’s cheaper. This is true, but it’s important to see why, and why the goals for the payment system might diverge from public policy goals. The designers of payment systems do not have as a goal the eradication of fraud but the management of fraud down to acceptable (ie, financially acceptable) levels. The few hundred million that goes to card fraud in the U.K. is a tiny fraction of the amount spent on cards. But the money earned through this fraud, while not a big deal to the banks, may well lead to larger social problems that do not figure in the banks’ cost-benefit analysis, which is why we should still try to reduce it even if it doesn’t make business sense for our particular organisations or systems.

One the authors other observations is that “Meanwhile, the Internet itself is need of a major overhaul if it is to endure as a grassroots communication channel and a commercial transactions channel… The trick will be to tighten the internet wtihout gutting its wonderful ability to empower the underclass and stir creativity and activism”. I agree entirely but — as has been discussed over on Digital Identity a couple of times — the trick is probably to leave the Internet alone and focus on an identity layer above it.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

Leave a Reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this: