1. game-o+(OP) 2022-07-30 00:28:46
Strongly agree.

We've already seen shades of this in banking. After chips were added to credit cards, people started having their chargebacks denied because "our records show the card was physically present" (even if the charge originated in another country).

How long until companies try to deny responsibility for data leaks because "our records show Windows was fully up-to-date and secure"?

2. supert+T3 2022-07-30 01:14:19
>>game-o+(OP)
The error in logic there is that chip usage is stronger proof, but not infallible. How was the account started? Cards can be stolen from mailboxes and purses. Some smartcard manufacturers have poor key handling security; Gemalto emailed keys before writing them to SIMs. Some EMV chips were vulnerable to replay attacks due to shoddy implementation.

This is why consumer protection laws are more important than any technical means of financial security. Having a super duper hardware wallet to store your cryptocurrency doesn't negate the irreversible nature of transactions.

Raw data is even harder to secure than money. Money in a banking system can be clawed back or frozen. Data can't be un-leaked.

3. mike_h+XU 2022-07-30 13:38:09
>>game-o+(OP)
That seems to be an argument for damned if you do, damned if you don't. Yes, people need some incentive for deploying security upgrades and being able to say "we are sure it wasn't us" in disputes is part of that incentive. Otherwise why bother? If people get treated the same whether they made a genuine good-faith effort to be secure, or did nothing, then you're just rewarding the companies that ignored security to focus on other things.