Posted by:
admin
15 years, 3 months ago
Dave Kearns has a response to Robin Wilton's musings on user-centric identity prompted by a WSJ article on Monday about research from from Javelin Strategy & Research and the Better Business Bureau.From the article:
Businesses absorbed 93% of the financial damage, or just under $6,000 per victim, the latest survey found. The reason: Zero-liability clauses and other protections often shield consumers from the direct costs of credit-card fraud and other forms of identity theft.
From Robin:
It‘s therefore tempting to suggest that increasing the ‘user-centricity‘ of the system is the answer. Either make the user the data custodian, or give the user the (only) means to control access to their personal data.
The question the WSJ article prompts me to ask, though, is this: can you envisage a case where the user has that degree of control, and yet businesses still shoulder 90% of the cost of identity theft? I can‘t.
- the lack of incentive for users to bear added responsibility, as long as someone else is picking up the cost of the current approach;
- the difficulty of raising the awareness and competence of every user and citizen, as data custodians, relative to achieving the equivalent rise in awareness and competence among existing data custodians. Not that I‘m suggesting the latter is ‘easy‘ either!
Technically, the cost of fraud is absorbed by the companies customers as a whole, not by the individuals. So if the company wants to be competitive, it should work to minimize the cost of fraud. Then it will generate higher net income or be able to offer lower prices and grab market share.
Isn't there a happy medium for at least some of these issues? If you take the example of online credit card fraud alone, wouldn't single use credit card numbers eliminate this part of the fraud pie? In this instance, the user takes control of their credit card number, the merchant should have lower fraud rates and everybody wins. The downside is that the user must enter a new card number for each purchase, but there you have it.
Share on Twitter Share on Facebook
Recent Posts
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
- WiKID Android tokens had their data deleted over the weekend by Google Chrome bug
Archive
2024
- January (1)
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)