> Comments?
I think your proposal is not entirely unreasonable, although I wonder
if the people who have the most interest in a secure system are not
the banks, but the insurance companies and the customers. My
impression of banks is that as long as they can quantify the potential
loss, they can just set the margins to allow for a reasonable profit
over the loss. That way, they don't have to worry about security
unless a cost/benefit analysis shows that additional security will
produce a significant profit. I suspect that this is the reasoning
that resulted in the security hole in the metro card machines.
WRT public gullibility, the only gullibility that's present here,
really, is the willingness to pay the additional margin. If I'd
rather pay 10% and not have to audit the bank, than pay 5% and have to
audit the bank, then my decision not to audit the bank is an entirely
rational one. In order for your scheme to work, you'd have to
convince *someone* that auditing the bank will drop the margin by more
than the cost of doing the audit, and indeed by enough more that it's
an attractive prospect.
_MelloN_
