Sunday, March 24, 2013

Why Let Foxes Set Henhouse Security Penalty Fees?

Commentary by Roger Erickson

Witness yet another local feud over asset allocation. This one's between bank-service-providers & merchants. Several items will seem familiar to peasants wielding common sense, students of heterodox economics, and white collar criminologists.

Genesco Lawsuit Could Shake PCI Compliance Regime To Its Core

The argument's over who gets to fine whom? For what, when, for how much, and how frequently? This is always an issue in equitably managing private association "taxes &/or penalties." Rather reminds me of class-based policy for income & other taxes! For sustainability, shouldn't they all co-manage the strategic incentives, not just the immediate tactics?

"The root cause of conflict in this case isn't necessarily about the security standards themselves, but in how the card brands and payment processors choose to inflict financial penalties due to noncompliance and breach events."

"There is a presumption in favor of the payment processor built into the system."   [ya think?]

"The revenue stream generated by these fees is the dirty little secret of the PCI world"

"the revenue model creates a perverse disincentive for processors to push  [a protection-racket model]"

"one of the best outcomes of the Genesco case would be if it would spur the creation of an independent governing body that would assess PCI compliance and the penalties associated with it"

Gosh, maybe we could someday make the Fed, SEC, DoJ & IRS "independent" too? Perhaps even Congress? Wotta concept!! :(

The simple, adaptive systems rule to apply here is adaptive focus. Make policy serve emerging CONTEXT, since solutions to full context always require a whole strategy that is greater than the sum of it's tactical parts

It really seems quite simple, and we're more than adequately evolved to solve this. To succeed as a nation, just cooperate on group outcomes? Gee. Isn't that what social species do? Pay the cost-of-coordination, to reap the unimaginable, mind-blowing return-on-coordination. As far as we can tell, nothing has outdone that policy, for ~3.5 Billion years.  Hard to argue with that kind of sustainable success.

But that's just what we're doing. Why? We can't resist the temptation to tax the Golden Goose? Group self control for a growing group is something we achieve ONLY with increasing practice. The only way to profitably handle increasing degrees of freedom is with discipline that co-scales with those degrees of freedom. That's as simple as not trying to pilot a jet or aircraft carrier until you've adequately trained the crew, and even then provide them with enough practice to maintain adequate skill levels.

Ditto for a potentially innovative and inventive work force. Use 'em or lose 'em.

No comments: