Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

User Journal

Journal: Economics and Website Security

Journal by regen

I've been thinking about the economics of website security recently. This started after seeing another report (one of many) of a poorly implement website which had a database full of credit card numbers stolen.

I began to reflect upon why this seems to happen way too frequently, and I think I have hit upon an answer. There is no economic incentive for companies to secure there credit card database except for that associated with bad PR. This is the fault of the fraud model used by credit card companies.

Credit card companies charge merchants a fee per transaction which is partly based upon number of charge backs against the merchants account. Thus, if you as a merchant accept a stolen credit card, you not only loose the cost of sale but also have higher overhead on all future credit card transactions. Thus this is a very strong economic incentive not to accept stolen credit cards.

There is no similar economic incentive to prevent your customers credit card from being stolen. If these stolen cards are used at another merchant, that merchant become the victim (and pays the real economic cost) of your poor security.

In general, I think displaced costs such as this and the reason that spam has become so prevalent is one of the biggest problems that free markets currently face. My next journal entry will probably be on the problems we as a society face due to displaced costs.

After any salary raise, you will have less money at the end of the month than you did before.