Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×
User Journal

Journal Journal: Economics and Website Security

I've been thinking about the economics of website security recently. This started after seeing another report (one of many) of a poorly implement website which had a database full of credit card numbers stolen.

I began to reflect upon why this seems to happen way too frequently, and I think I have hit upon an answer. There is no economic incentive for companies to secure there credit card database except for that associated with bad PR. This is the fault of the fraud model used by credit card companies.

Credit card companies charge merchants a fee per transaction which is partly based upon number of charge backs against the merchants account. Thus, if you as a merchant accept a stolen credit card, you not only loose the cost of sale but also have higher overhead on all future credit card transactions. Thus this is a very strong economic incentive not to accept stolen credit cards.

There is no similar economic incentive to prevent your customers credit card from being stolen. If these stolen cards are used at another merchant, that merchant become the victim (and pays the real economic cost) of your poor security.

In general, I think displaced costs such as this and the reason that spam has become so prevalent is one of the biggest problems that free markets currently face. My next journal entry will probably be on the problems we as a society face due to displaced costs.

Slashdot Top Deals

Never ask two questions in a business letter. The reply will discuss the one you are least interested, and say nothing about the other.