Shostack + Friends Blog Archive


"I've turned into my mother!"

…or, more generally, “I’m now doing that weird thing I saw an influential elder do, but now it seems to make sense”. I have several examples from my own life (generally rather predictable for a balding 40-something suburbanite), but just today I found another one, and I didn’t see it coming.

When I was in grad school, my advisor was a fairly prominent researcher, and as such he had a large office and even an assistant to keep out the riff-raff. A notable feature of this office, other than its gatekeeper and dimensions, was that although all the walls were lined with shelves, this was insufficient. The floor itself was covered to a substantial degree with stacks of reading material — books, monographs, pre-prints, correspondence. I didn’t discuss the organizing principle, but I assumed that the stacks decreased in importance the further they were from my advisor’s chair. This arrangement struck me as weird — weird in some endearing goofy way, but not the kind of goofy I’d ever be. After all, once you have tenure, you can afford plenty of shelves not only in your office, but at your house, too, and in a way your occupation is reading, so a backlog would indicate poor performance.
Well, time has proven me wrong and my advisor right. My office floor is now approximately 30% covered with books, letters, and papers, but unlike my advisor I also have RSS, and a list of blogs I try to keep up with. I found a real nugget at EPIC West.
The current debit card flare-up has caused a fair amount of consternation, much of it bred of an ignorance reinforced by the unwillingness of various important players to say much of anything about what they know. Speculation has been rife, and in my opinion has been beneficial on balance. However, there is no substitute for facts, and here are some that caught my eye:

For [EPIC’s Chris Hoofnagle], the most interesting workshop was chaired by a Visa Vice President from the company’s Risk Management Fraud Control Department. Joe Majka explained that credit card fraud problems have moved from the Internet to standard bricks-and-mortar retailers. Some of these security breaches occur because retailers are using wifi and other internet-connected inventory control systems that allow attackers to get to payment processing databases. Majka also said that there is more fraud on debit cards than credit cards, but in retrospect, I am unsure of whether he meant more frequency of fraud or more money lost.
Majka also shared interesting information about fraud:

  • He noted that Visa has its fraud losses down to $0.06 per $100 charged, but also said that the total dollar amount of fraud is increasing. Apparently the volume of sales has made the fraud to charge ratio decrease.
  • Financial institutions use the term “family” or “friendly” fraud to describe cases where people make charges and then claim that they were made by someone else.
  • Less than 1% of the people affected by the security breach experience actual fraud, but losses tend to be high for that 1% of victims.
  • Even when fraud is detected, unless it reaches a certain level, the Secret Service will not begin an investigation. Even a fraud event resulting in $50,000 in loss will not necessarily trigger an investigation in Southern California.

EPIC West (emphasis added)
Taken together, the bold-faced portions help answer some of the questions I’ve had about this series of card cancellations. This means the stuff on my floor will stay there, because I’m going to be spending more time at EPIC West.