Making Credit-Card Payments More Secure By Making Breaches More Expensive
from the aligning-incentives dept
Conry-Murray's contention is that the compliance system is far too easy to game, particularly because it only checks companies' systems once per year. His suggestion is to force all merchants and processors to comply, and check their systems regularly. Companies could opt out, but by doing so, they would be agreeing to significantly higher fees and penalties in the case of a breach. As he notes, these fees would have to be high enough to where they would make devoting more resources to security a more desirable option. This idea, and indeed any that dramatically increases the cost of breaches, is worth mulling over as a way to encourage companies to increase their security. As long as the fallout from data breaches isn't enough to make companies sit up and take notice -- and change their behavior -- there won't be any real change.