Sorry, but I think you're the one missing *my* point here. umbran is much closer to the mark.
First, you're correct that the current processes don't work, precisely because the incentive structure is completely wrong. *I* am saying that there is a potential market advantage to be gained in implementing a different, more stringent system, that is built around more rigorous information security certification, instead of the half-hearted mechanisms that don't work.
To succeed, it would require a true infosec company to convince some major merchants that they can get a leg up on their rivals by playing along -- whether that's realistic or not is unclear. If they could get critical mass, however, it could potentially upend the entire system, by changing the incentive structure for infosec.
Or, in other words:
They already try to prevent it, and fail.
Nonsense. You just argued yourself that they *don't* sincerely try to prevent it -- they don't have sufficient reason to do so. I'm saying that this provides a possible market opportunity for someone...
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
(no subject)
Date: 2007-01-26 12:39 am (UTC)First, you're correct that the current processes don't work, precisely because the incentive structure is completely wrong. *I* am saying that there is a potential market advantage to be gained in implementing a different, more stringent system, that is built around more rigorous information security certification, instead of the half-hearted mechanisms that don't work.
To succeed, it would require a true infosec company to convince some major merchants that they can get a leg up on their rivals by playing along -- whether that's realistic or not is unclear. If they could get critical mass, however, it could potentially upend the entire system, by changing the incentive structure for infosec.
Or, in other words:
They already try to prevent it, and fail.
Nonsense. You just argued yourself that they *don't* sincerely try to prevent it -- they don't have sufficient reason to do so. I'm saying that this provides a possible market opportunity for someone...