> We require a driver's license to operate a vehicle; it is time we should require infosec101 training before handing over credit cards and/or online banking accounts.
Sure. Why not start with an outline for what infosec101 should look like? Include estimates for how long the training should take, what the cadence for testing should be, and which agency should be responsible for validating that training. Do be sure to accurately communicate the degree to which an end user with a chip-enabled bank or credit card has the ability to distinguish and disambiguate what constitutes a 'safe' or 'legitimate' online business. Also, include some details about how individuals who have been certified as completing this class and/or licensing scheme should procure insurance to protect themselves in case of an accidental data breach (for example, they leak their card info), and outline the process by which that same licensee can file an insurance claim against the insured party downstream of the physical point of payment or online payment portal that allowed a breach to happen. After all - if we are going to require online safety training, and licensing, then we should create another insurance scheme to facilitate resolution of those claims and resolve the costs.
It is really easy to point the fingers at a customer and say "problem exists between chair and keyboard", but the reality is that in the modern economy, the end user has almost no control over the security of their transactions, and little ability to influence how their purchase is handled beyond the question of "cash or card".
The only incentive that retailers, online stores, payment processors, and financial institutions have to resolve this is the simple fact that they own the liability for this, and it's only through the myth of the idiot user that they have been able to shift that liability, to varying degrees, back to the consumer.