As privacy takes center stage, I expect Facebook and Google to take heat. Unlike Apple which makes most of its money selling its own services and products, Facebook and Google depend largely on advertisers or marketing others for revenue.
Tim Cook, Apple leader, is hitting Facebook on its privacy issues. Sure, he can afford to do that. The issue is not that Facebook and Google cannot have Apple-grade privacy. The problem is that if they do, they have no business.
A Google engineer noted last year that if they should make all Gmail users to use two-factor authentication, they would lose most users. Yes, people enjoy the convenience of great usability. Unfortunately, bank-level security is always going against convenience.
I do not use Nigerian debit cards online because it is too complex to use. It is the only place on earth where you combine PIN, 3 digits at back of card, and (sometimes) password at the same time concurrently to spend your money online.
So, when lawmakers are berating Google on privacy asking questions “Why is that hard to do?”, they miss the point. Facebook and Google can give us CIA or FBI-level security, but if they do such, they have no business. They are aggregators and they need to make money. They just need to have a balance. But if you are worried on privacy, get out of social media. Do not expect any there anytime soon because the business model will not change overnight.
Have you used Starbuck app before? It practically has no security. You can wake up and someone has cleaned up all the money in your wallet. Call Starbucks why they cannot make it tougher for bad guys. You get no clear response. Nonetheless, within minutes, they would return the money in your wallet.
Starbucks knows what it is doing: you can lose $1m per year on digital theft but that loose security makes it easier to earn billions on revenue. If you fight hard to stop that $1m, you can fall from billions to hundreds of millions.
Yes, a Chief Information Security Officer that joins from FBI to a retail shop would be extremely surprised that on the poor security in the retail sector. And if he wants to implement FBI-grade, the CEO will ask him to forget it. The shop must sell things despite the risks of security. (These firms need just about enough security to get the business going. You expect them to have the best, they would never.)
A well-known ring of cybercriminals has obtained more than five million credit and debit card numbers from customers of Saks Fifth Avenue and Lord & Taylor, according to a cybersecurity research firm that specializes in tracking stolen financial data. The data, the firm said, appears to have been stolen using software that was implanted into the cash register systems at the stores and that siphoned card numbers until last month.
The Hudson’s Bay Company, the Canadian corporation that owns both retail chains, confirmed on Sunday that a breach had occurred.
That is how to understand security and privacy. It is not about tech. It is a business model. So, you would continue to read hacking of Target, Walmart, Saks Fifth Avenue, etc. That would not stop because retailers see that as cost of doing business.
Hackers have obtained more than five million credit and debit card numbers from customers of Saks Fifth Avenue and Lord & Taylor in a breach confirmed on Sunday by corporate owner Hudson’s Bay. It’s one of the largest known breaches of a retailer and follows similar incidents for Equifax in 2017, Home Depot in 2014, and Target in 2013 (Fortune Newsletter)