I heard this phrase – paranoia-as-a-service – for the first time recently, but I’m hearing paranoia in banking mentioned more and more often. It’s not surprising after the tesco hack, but what can you do about it? If banks are meant to be the most secure stores of value in this world, then how can they guarantee they are secure?
I’ve used this debate in the past. In particular I’ve argued that banks should advertise that they’re bulletproof data stores. After all, that should be a banks’ unique selling point. Others get hacked, we don’t. Specifically, for example, why should I trust my memories to Facebook when they’re so obviously flakey?
But banks won’t make this claim – we’re bulletproof – because they worry they might not be. And that’s the problem, isn’t it? If a bank worries they might get hacked, then they know they have a weakness. If they know they have a weakness, a hacker will find it.
So here’s the paranoid piece. Banks know they have a weakness a hacker might find, which is why they won’t claim to be bulletproof. But if they aren’t bulletproof, and they know it, why should I trust them with my money?