Criminals strike again, stealing information on an uncertain number of credit cards from a third-party processing firm. MasterCard says more than a hundred thousand of its customers are at high risk for fraud as a result, and the total number of all cards exposed could be as high as 40 million.
The world freaks out, and it's not a day before people (including some at MasterCard itself) are already calling for more government regulation to keep it from happening again.
But what if more regulation would actually make the problem worse?
Is there a better way to prevent crime like this?
Here are some answers:
Could more regulation actually make the problem worse? Possibly:
- As regulation increases, typically it becomes harder for smaller firms to enter the market (ask any small business owner how much paperwork he or she has to fill out instead of just doing what they do best)
- As it becomes harder for smaller firms to enter the market, older firms become entrenched
- The more entrenched a big firm becomes, the harder it is for them to be corrected when they do wrong -- either by a new competitor moving in and taking their place, or by corrective action taking place from within as new people join and are promoted within the company. Think about how the Arthur Andersen accounting firm got into trouble because of Enron.
- The more entrenched the market becomes, the less likely the firms are to respond to customer demands and take necessary precautions
- As fewer precautions are taken, the risk increases that something will go catastrophically wrong
- When something goes catastrophically wrong, what's the excuse? "We did everything the regulators told us to do!"
- Law enforcement doesn't necessarily need more ways to interfere with individuals' privacy; it just needs more high-skill people capable of tracking criminals, and perhaps better reporting from the private sector.
- Criminals need to think the risk for this kind of crime is greater than the reward -- both risk and reward are functions of two things: What you get, and how likely you are to get it. If the criminal is even remotely likely to get something big out of credit card fraud, it takes either a high risk of getting caught or a harsh penalty to balance out the equation. Penalties for this kind of crime may need some revision.
- We should also think about novel ways of catching the criminals (increasing the chances they'll be caught). A decent-sized reward leading to the perps in a case like this should be enough to make someone turn them in. A $2 million reward, for instance, would be enough for just about anyone to live on for the rest of their natural life...and if as many as 40 million cards are at risk, that's a cost of just 5 cents a card. That's a pretty efficient way of getting the crooks, isn't it? After all, the Unabomber's own brother turned him in for a $1 million reward (which he promised to give to the victims' families).
Besides, isn't it a little naive to think that regulation can keep up with the pace of these crimes, anyway? Do you really think Sen. Ted Kennedy is reading Information Week? Is Sen. Bill Frist perusing Slashdot? Hardly. In fact, the government itself has been known to break the law regarding information privacy, and the Pentagon's own websites have been hacked. Just because it's government doesn't mean it's flawless.