On 18/09/2017 6:05 AM, Huge wrote:
> On 2017-09-16, Rich <ri...@example.invalid> wrote:
>> <URL:https://www.schneier.com/blog/archives/2017/09/on_the_equifax_.html>
>>
>> Quoting from the URL above:
>>
>> Last Thursday, Equifax reported a data breach that affects 143 million
>> US customers, about 44% of the population. It's an extremely serious
>> breach; hackers got access to full names, Social Security numbers, birth
>> dates, addresses, driver's license numbers -- exactly the sort of
>> information criminals can use to impersonate victims to banks, credit
>> card companies, insurance companies, and other businesses vulnerable to
>> fraud.
>>
>> Many sites posted guides to protecting yourself now that it's happened.
>> But if you want to prevent this kind of thing from happening again, your
>> only solution is government regulation (as unlikely as that may be at
>> the moment).
>>
>> The market can't fix this.
>
> Nonsense.

For the market to fix it, the use of inadequate security has to impose a
cost on those who fail to improve it (hereinafter, if somewhat
inaccurately, "the banks"). That cost has to exceed the cost of
improving the security.

At the moment it appears that the total cost is carried in part by third
parties who are for various reasons (legal, practical, etc.) unable to
recover it from the banks. The remainder, which takes the form of fraud
against the banks, is seemingly less than, or at least assessed as being
less than, the cost of implementing the higher security plus the income
impacts of that higher security (customers can't or won't comply, and go
to other banks).

As the article suggests, legislation may be required to ensure that the
cost imposed on third parties is easily recoverable from the banks. If
that were done, then the cost to the banks might then be high enough for
them to act.

Sylvia.