Just want to point people over to a great blog post over at TaoSecurity - Black hat budgeting. This is an excellent article which starts to examine the economic factors related to attacking and protecting information. Thinking in this way really puts some perspective on the security budget that people spend on attempting to protect information. Long story short - if you don't think or don't know if bad guys are targeting you - find out (what information are you protecting and why?), and if the bad guys are targeting you - you should be thinking this way.
Recently, new types of credit card security features have be debuted, such as this one from Visa. And as some of the comments on Bruce Schneier's blog point out, its questionable how effective this is. I want to figure out what the motivation is behind these ideas, as it appears banks and the major credit card brands are not completely transparent about the benefits to the consumer. My example is this, one source has that in 2005 $2.8 million was lost due to credit card fraud from Visa and MasterCard in Canada alone. These costs are absorbed by the credit card companies as they protect their cardholders from liability, but as can be expected these costs are directly applied to the card brand customers, people and merchants, in the form of fees and interest rates. Now lets say that card brands can deploy a technology to eliminate 90% of this fraud and associated insurance and liability costs. Likely a large savings both in Canada and globally. Would we, the public and mercha
Comments