The Latest, If Not Greatest
Updating a couple of stories we've been following:
Marc Dann resigned today, proving that even someone devoid of shame can read the handwriting on the wall when it's spray painted on the wall with HUGE CAPITOL LETTERS. Ohio Democrats wanted him out, filed articles of impeachment on Tuesday and on the same day the Governor authorized an investigation by Ohio's Inspector General, which got rolling this morning. Good bye Crusader Dann, The Mortgage Cop (paid subscription required). You can always join your role model, Eliot Mess, as an associate in his law firm, Spitzer & Dupre Associates. Maybe you'll even make your own Top Ten List.
TJX, the subject of a massive security breach that resulted in the theft of 90 million stolen credit card account numbers and hundreds of millions of dollars in claims, has recently "suffered" from increased sales (paid subscription required). Ben Worthen of The Wall Street Journal's Business Technology Blog isn't happy about it.
For those of us who care about tech security – admittedly a smaller group than those who care about cheap clothes – the results are disheartening. And they raise two questions: 1) Why don’t customers avoid businesses that mishandle their personal data? 2) Why should businesses care about protecting customer information if the public doesn’t care?
We think we know the answer to the first question: It’s not customers who suffer when someone uses their credit cards — it’s the bank that issued the card. Sure, a customer has to go through the hassle of getting a new card, but this doesn’t cost any money. We recently spoke to one man who’s had his credit-card number stolen seven times. He now views getting a new card as routine.
We don’t know what to do about the second question, though. Breaches are bad PR, and the business leaders we’ve spoken to whose organizations have lived through one make it sound like an ordeal that they wouldn’t ever want to repeat. But it’s hard to see how businesses that haven’t gone through a breach would look at TJX’s numbers and conclude that they need to spend more on security technology and train employees to behave differently.
Yep, it's the banks that suffer and it's the banks that have been suing (well, along with every other aggrievede party that class action lawyers can dig up). Bank Litigation: a growth industry. This is a great country, is it not?
As to Worthen's second worry, that TJX's example will make businesses less concerned about security technology, that's not an option for banks. First, their business depends on being secure. A leaky bank bleeds customer goodwill, and reputational risk is a safety and soundness consideration, too. Which leads us to the more important consideration, that bank regulations and guidelines require banks to be concerned about technology security, whether or not they'd otherwise be interested. Finally, since banks, especially credit card banks, are often on the hook for costs associated with replacing compromised credit cards, they have an incentive for making sure that the merchants they do business with give a hoot about technology security.
Still, consumers can be "sheeple" on occasion, can't they?
















