Wednesday 6 June 2007

Security is a Tradeoff

Everyone is talking about security these days. Politicians want to protect their countries from terrorist attacks, while companies are worried about fraud of all kinds. These concerns have led them to introduce various security measures, such as more stringent checks at airports, identifying a person by their biometrics, and looking at the buying patterns on a credit card. Although there is no doubt that each additional measure increases security, each also puts an extra burden on the process, and those burdens can add up to a large cost.

For example, it is very convenient to shop with a credit card. Just swipe the card, sign the bill and you're done. However, if your credit card details are leaked to a malicious third party, he or she can easily purchase goods from online stores on your credit. Hence this is not a very secure payment system.

Now let's consider the opposite end of the scale. Suppose every time you want to pay with your credit card the store needs to verify your identity by checking two official documents that identify you (say your HKID card or driver's licence), as well as performing three separate biometric scans. Clearly it is now a lot harder for someone to use your credit card while pretending to be you, but at this point I suspect you wouldn't want to use your credit card either, because of all the hassle.

The above is of course an exaggeration of what might actually happen in practice, but it illustrates an important principle: although security measures reduce the risk of losses, they impose their own costs. Thus it is not wise to blindly put in place any and all security measures you can think of, because the cost of performing these extra steps can become higher than what you would lose by being less secure. The art of security, therefore, is to find the point where the total cost (the losses from fraud plus the cost of the measures against it) is minimised, rather than engineering the most secure (and likely most tedious) system.

This is not to say one cannot improve security without causing extra trouble for the customers. For example, one of the biggest reasons people don't (in the companies' view) adequately secure their PINs and passwords is that they want to share them with several others whom they trust. We all do that at some point, and sometimes it makes sense to. Usually a more secure system means it is harder for anyone other than the account owner to gain access. But this conflicts with our need to sometimes let people we trust access our accounts!

In theory, if the system knows the owner gives (or would have given) another person consent to access the account, then it should be safe to allow access for that person, but this is almost impossible to implement without increasing risk. If I want to access my mum's bank account, should the bank let me? Let's say my mum gives me permission today and I get in, but I try to get in again the next day. Does the bank let me in now? Can it safely assume the situation has not changed in just one day? No! It needs permission from my mum again. But if my mum is always around to give permission, she can just access the bank account herself!

If the bank had perfect information it would just let me in, but it doesn't. The best it can do is look at my track record and assume that I'm benign because I have always had a good relationship with my mum. Again this is a tradeoff -- set the criteria too loose and anyone can access the account, too strict and we're back where we started -- and the trick is to find the point that minimises both hassle and the risk of fraud. Realistically I can't imagine anyone building this kind of system, just because it's so complicated and so hard to find that "middle point". That's unfortunate, because it means legitimate people like me have to "hack" into my mum's accounts just to change a credit card number.
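The "permission today, permission again tomorrow" problem above can be made concrete as a scoped, time-limited delegation grant: the owner consents to a specific action for a fixed window, the request is denied once that window closes or the consent is withdrawn, and every decision is logged. The following is an added example written for this post, not code from the original; the class names, the 24-hour lifetime and the scenario timestamps are all assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Added example: a scoped, time-limited delegation grant. Names, scopes and
# the 24-hour lifetime are assumptions chosen to mirror the post's story.


@dataclass
class Grant:
    owner: str            # account owner giving consent
    delegate: str         # person being allowed in
    scopes: frozenset     # actions the delegate may perform
    expires_at: datetime  # consent stops being valid at this moment
    revoked: bool = False


class DelegationRegistry:
    """Records consents and answers: may `delegate` do `action` on `owner`'s account right now?"""

    def __init__(self):
        self._grants = []
        self.audit_log = []  # every grant, revocation and decision, for later review

    def grant(self, owner, delegate, scopes, lifetime, now):
        g = Grant(owner, delegate, frozenset(scopes), now + lifetime)
        self._grants.append(g)
        self.audit_log.append(("grant", owner, delegate, sorted(scopes), g.expires_at.isoformat()))
        return g

    def revoke(self, grant):
        grant.revoked = True
        self.audit_log.append(("revoke", grant.owner, grant.delegate))

    def authorise(self, owner, delegate, action, now):
        """Allow only if an unrevoked, unexpired grant covers exactly this action."""
        for g in self._grants:
            if (g.owner == owner and g.delegate == delegate
                    and not g.revoked and now < g.expires_at
                    and action in g.scopes):
                self.audit_log.append(("allow", owner, delegate, action, now.isoformat()))
                return True
        # Default deny: yesterday's consent is not assumed to still hold today.
        self.audit_log.append(("deny", owner, delegate, action, now.isoformat()))
        return False


def run_scenario():
    """Replays the post's story: consent today, the same request tomorrow, plus scope and revocation checks."""
    registry = DelegationRegistry()
    day_one = datetime(2007, 6, 6, 10, 0, tzinfo=timezone.utc)  # constructed timestamp
    day_two = day_one + timedelta(days=1)

    registry.grant("mum", "son", {"update_card_number"}, timedelta(hours=24), day_one)
    results = {
        "same_day_in_scope": registry.authorise("mum", "son", "update_card_number", day_one + timedelta(hours=1)),
        "same_day_out_of_scope": registry.authorise("mum", "son", "transfer_funds", day_one + timedelta(hours=1)),
        "next_day_expired": registry.authorise("mum", "son", "update_card_number", day_two),
    }
    # Fresh consent the next day makes the same request valid again ...
    renewed = registry.grant("mum", "son", {"update_card_number"}, timedelta(hours=24), day_two)
    results["next_day_regranted"] = registry.authorise("mum", "son", "update_card_number", day_two + timedelta(minutes=5))
    # ... until the owner withdraws it.
    registry.revoke(renewed)
    results["after_revoke"] = registry.authorise("mum", "son", "update_card_number", day_two + timedelta(minutes=10))
    return results


if __name__ == "__main__":
    for name, allowed in run_scenario().items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```

The design choice worth noting is default deny with an explicit expiry: the registry never infers that a past consent is still in force, which is exactly the assumption the post says a bank cannot safely make, and the audit log gives the owner a record to check if an access looks wrong.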
