I wonder if this could just be solved by selling fraud insurance?
It could be another ridiculous bank surcharge or service, but would
negate the need for byzantine technology infrastructures to support it.
All that user end security devices do is put more non-repudiable
onus on the user, so that when it fails, the service provider is protected,
and the user is cryptographically guaranteed to be SOL. Biometrics
are an excellent example of this. They are a single factor authentication
technology, maybe two factor if there is a PIN, and when the database
gets compromised, nobody will believe that the user isn't responsible,
because "The System is Perfect".
Many security technologies are based upon the risk avoidance paradigm
of government/military organizations, instead of the more practical
risk management perspective of more nimble organizations. This is
partially why alot of technologies aren't getting adopted. They are Perfect, but
a burden.
The solution that balances security and accessability will be the one that
incorporates an acceptable loss expectancy and enables the company to leverage the
convenience of that risk. Building massive security structures does little to
decrease the actual risk, they just push it out to the edges, that is, to
customers.
The ubiquity of personal computers as general information appliances has made
them more of an interface to the economy than the tools that we are used to
using them as. Since these interfaces are as diversely designed as wallets (M$
turned our machines into wallets), we can either demand better wallet security
devices, or we can mitigate risks to their contents through insurance.
TEXT.htm (4.1 KB)