Through this blog I have been suggesting many preventive methods for all sorts of digital usage. However, recent news reports such as this one, http://tinyurl.com/jydguqk, are shaking the foundations of preventive practices by consumers. In this news article, many bank account holders were robbed by a hacker diverting money into a wallet. Normally such hacks are done through a mixture of social engineering (fraudsters posing as bank staff and calling consumers for the OTP) and some data gathering. In this case, though, no such effort was made. In the social engineering cases, the banks put the burden on the consumers, although in many cases the consumers have no clue about digital awareness. In the latter cases at least there is a bit of solace, as banks take the burden. Since many systems and disparate companies are involved (laptop providers, internet providers, telecom providers, banks, telecom equipment providers) and the hack could be anywhere, it is easy to pass the buck around.
There are many systematic issues which lead to this state. The general thinking when it comes to security measures is to do the minimum possible to avoid regulatory pressure. For many large corporations, the ROI on the investment becomes of paramount importance. Startups are even worse, because traction and growth are more important to them than the inconveniences of security.
But the most dangerous aspect of this whole thing is the unprecedented growth of digital proliferation without any effort to create awareness about safety measures. Whose job is this? The government's? The companies'? Or the users'? The questions to be answered are:
- Should companies provide a method for opting out of online mode?
- Should awareness exercises be mandatory?
- Should there be consumer insurance?
- Who should carry the burden of proof with respect to hacks?
Hope regulators wake up and provide clarity on this!!