[fc-discuss] Financial Cryptography Update: Google payment system confirmed - let the trimming of tall poppies begin
iang@iang.org
iang@iang.org
Wed, 22 Jun 2005 14:24:49 +0100 (BST)
Financial Cryptography Update: Google payment system confirmed - let the trimming of tall poppies begin
June 22, 2005
------------------------------------------------------------------------
https://www.financialcryptography.com/mt/archives/000511.html
------------------------------------------------------------------------
Google confirms they are doing a payment system. It may be like
Paypal's but I wouldn't bet on it. Either way a new sport is about to
erupt in the payments systems world - sniping at Google's payments
system.
http://www.theregister.co.uk/2005/06/22/google_confirms_payment_plan/
Let's just be clear about this - it already has a name, it's called
_chopping down the tall poppies_. This is a game of envy and spite.
It comes because a successful player uses its money and muscle to take
on a new field in which others have failed, when all the smart people
knew how to get in there but couldn't muster that money and muscle (in
this case, I'm referring to cognitive muscle as well as user base
muscle).
It's going to happen so get used to it, guys. I'll go first: *I'll
bet you didn't think of this:*
http://c0x2.de/lol/lol.html
Google are entering into the payments system world at a dangerous time.
This could be a unique time in the history of payments systems, simply
because all those theoretical threat models that we have all trained
with, sweated over and loved for a decade or more, now, are coming
true. There's one you'll have to deal with, and you won't have the
luxury of saying "oh, that's not our problem" this time.
This change has occurred in these pages mostly under the cover of a
runctous attack on the idle ostriches of the browser world. Phishing
is just the headline, but the real story is that there is now an
industrial scale threat to payment systems. Some very few engineers
know how to deal with these threats on a real basis - primarily those
grounded in European banking experience - but for the most part a lot
of the payments systems are learning the hard way right now.
For google, the lessons will be different. There will be no breathing
space, no easy ramp up to the critical mass. It is I predict highly
likely that from day one, attention will bear down on them from the
phishing attackers. I suspect google will weather the security storm,
but that's only a guess. The problem here is that there is a
difference between facing statistical or safety threats and the
aggressive crook. Security goods are different because they have an
unruly third party in the transaction.
It will also shoot all the profitability figures to outhouse. Because
the attacks will take up a larger support component per transaction
than expected then there will be only a loss-leader rationale for the
payments system for many a year. I would still do it, but I'm a
strategic kinda guy, still if google are in this for anything but the
long term, save yourselves the trouble and exit stage left now. Or
cull your team of short term thinkers.
(There is a perfect face-saving way out, but it'll cost the price of a
Dell *equivalent* laptop ;-) )
(Expect Dell laptops to drop like a stone if this pans out...)
(Expect all hell to break loose if this is true...)
(Are we living in interesting times again?)
--
Powered by Movable Type
Version 2.64
http://www.movabletype.org/