Shostack + Friends Blog Archive


Financial Cryptography: 2005 – The Year of the Snail

Ian Grigg is on a roll with good posts. See this 2005 – The Year of the Snail Since he’s doing the thinking, and I haven’t had my coffee yet, I’ll just ask, what happens when this gets 10x worse? Is there anything acting as a serious brake to that? Also, Ian says “serious money” is being made. Are there any credible estimates of what a bank or other types of companies loses to phishing? Will phishing act as a brake on the size of retail banks? (Phishers target larger banks because they are far more likely to hit a Citibank customer than say, a Springfield Savings and Loan customer. Is the cost of phishing large enough that it balances the economies of scale Citi gets by processing a gazillion cards?)

2 comments on "Financial Cryptography: 2005 – The Year of the Snail"

  • Iang says:

    On just one question, the estimate of damages. In the middle of the year, I put together this estimate:
    Which judged to be a billion dollars at that point, give or take. By which I meant that a) it’s impossible to estimate well, b) it’s an order of magnitude, so if it was $500mil then I claim I’m right, and c) if it wasn’t a billion by then, it would be soon!
    Since then, I’ve seen nothing to indicate it was wrong. So for me, a billion worth of losses, give or take.

  • 2006, and beyond…

    Over at EmergentChaos, Adam asked what happens when “the snail” gets 10x worse? I need several cups of coffee to work that one out! My first impressions were that … well, it gets worse, dunnit! which is just an excuse…

Comments are closed.