Comment Re:Assumes a Cause (Score 1) 85
.. There is also an assumption that all thefts are registered and are hence available data.
Is it not possible that one would not register a complaint with, say, a small local insurance broker (or just tell him over golf his secretary needs to check signatures better) whereas one might fill in a form for a multinational, since that's the only way you get a result (like cancelling your compromised card)
Data needed would be
-number of thefts
-number of customers
-volume of business
-some kind of 'estimated level of reporting' percentage
Possibly also 'level of problem' - is it a 'bigger' theft to have a cheque for £50 mailed to the wrong address, or to have a credit card opened in your name, or to have a gun purchased using your ID? Do some companies have only say 0.001 of accounts breached - but when security does fail, it fails catastrophically, to the tune of millions of dollars?
If someone ran off with my numbers, I'd be more concerned that they didn't breach my 'good name' than actual money value - since my career relies on being entirely free from crookedness.(Dealing with money lost is what ID theft insurance is for) This however is a different metric - 'how many' is not the same as 'how bad' - which suffers from being non-numeric, and hence hard to statistify.
Is it not possible that one would not register a complaint with, say, a small local insurance broker (or just tell him over golf his secretary needs to check signatures better) whereas one might fill in a form for a multinational, since that's the only way you get a result (like cancelling your compromised card)
Data needed would be
-number of thefts
-number of customers
-volume of business
-some kind of 'estimated level of reporting' percentage
Possibly also 'level of problem' - is it a 'bigger' theft to have a cheque for £50 mailed to the wrong address, or to have a credit card opened in your name, or to have a gun purchased using your ID? Do some companies have only say 0.001 of accounts breached - but when security does fail, it fails catastrophically, to the tune of millions of dollars?
If someone ran off with my numbers, I'd be more concerned that they didn't breach my 'good name' than actual money value - since my career relies on being entirely free from crookedness.(Dealing with money lost is what ID theft insurance is for) This however is a different metric - 'how many' is not the same as 'how bad' - which suffers from being non-numeric, and hence hard to statistify.
