On Mon, Feb 16, 2015 at 3:17 AM, Florian Bösch <pya...@gmail.com> wrote: > On Mon, Feb 16, 2015 at 9:08 AM, Jeffrey Walton <noloa...@gmail.com> wrote: >> >> I'd hardly consider an account holder's data as high value. Medium at >> best and likely low value. But that's just me. > > Of course if the data is compromised it means that an attacker can also > remote-control your e-banking interface, and issue payments and so forth. > I'm sure that's not "high value" either?
No, that's definitely not high value from my experience with three US financial firms. In US financial, those losses are simply passed on to share holders. Risk is democratized, reward is privatized. Perhaps you should talk to other security architects with experience in financial and see what they have to say. Jeff