Last year, Google proposed a $3.1 billion acquisition of DoubleClick, which prompted consideration of the acquisition by the Federal Trade Commission and a hearing before the Senate Judiciary Committee’s subcommittee on Antitrust, Competition Policy and Consumer Rights. Both the FTC and the Senate were addressing not only antitrust risks for competition but also the implications for consumer privacy of a merger of the leading Web search engine and leading behavioral advertising provider.
About a year ago, one of my credit card companies "upgraded" two of my credit cards to include a PayPass RFID token in the card. In doing so, they automatically canceled my old card account and changed my credit card numbers (so my automatic charges failed). In my research, I have explored the security and privacy risks of RFID, mainly for a business. But these risks are not limited to the business: the same attacks can work on consumers carrying these cards in their wallets, and cards could be cloned or be made to accept fraudulent charges. Thankfully, the financial risk to the consumer is fairly minimal, as any financial loss is carried by the card issuer. Alerting and fixing any mistakes is still a responsibility of the consumer. My complaint with the cards is that I was sent them automatically with no choice and then had tremendous hassle to get my normal cards back. I called customer service and the representative could not understand why I did not want the card. He had not been trained in how to respond to questions about the technological aspects of the card, and instead he tried to follow his (non-relevant) script about the benefits.
The media yesterday (Wall Street Journal, Associated Press, Economist, etc.) were all over 31-year-old Jérôme Kerviel, the trader at France’s Société Générale who has apparently confessed to fraudulent trades resulting in an estimated loss of roughly $7.2 billion.
In further coverage, we hear that the bank has apologized to shareholders, filed legal claims against Kerviel, and promised the public that the incident does not suggest any larger issues with the company’s risk management. The Wall Street Journal, however, follows up with a story questioning the effectiveness of regulatory oversight that can let something like this transpire despite Société Générale’s claims that controls were adequately tested and did not fail.
I've seen an increasingly common trend for vendors or others to post sensitive personal information in public places, to prove that no harm will come, or that their solution will protect against any possible misuse. One person to do this recently, in response to the data loss by HM Revenue and Customs, is Jeremy Clarkson, a TV broadcaster specializing in cars. Despite having no background in finance and fraud, he published his personal information in a newspaper column trying to diminish the idea that harm could come from the data breach. And that has come back to haunt him, as someone set up an automatic debit from his account of 500 GBP a month to be given to charity. My favorite part of the story is his new attitude:
"We must go after the idiots who lost the discs and stick cocktail sticks in their eyes until they beg for mercy."
Beyond a good laugh, what can we get from this story?