Sunday, 4 February 2024

Two Thoughts on Security

2 thoughts on security.


1. When a platform provides a service, it is safe to assume that the platform is secure and will be kept secure. 2FA is essentially the platform shifting the responsibility for security from itself to the customer. It also puts the customer's personal devices at risk, because compromising the account now involves the customer's personal email or phone number. It is unethical and impractical because, as we know, customer accounts and devices are compromised a lot quicker than enterprise IT infrastructure. Platforms need to be accountable to customers and provide a mandatory RCA (root cause analysis) for every account breach.


2. Today, an appliance broke down in our house. Since it was still covered by warranty, I took the precaution of finding the company's customer care number and calling it. The person said that I would get my request number after the call disconnected, and that the service center would call me within two hours.

The subsequent conversation went like this:

Me: How will the person calling authenticate themselves?

She: They will call you within two hours, ma'am.

Me: Yes. But how will I know that the person calling me is from Whirlpool? Will they give me the request ID?

She: Can I please place your call on hold?


That was when I realised that while service centers are a MAJOR source of financial fraud today, companies have not even thought of a way to protect themselves.


When a customer is defrauded through a fake customer care number, it is the brand that suffers. But when one reaches a genuine customer care number and then finds that obvious security flaws have not been plugged, one is quite nonplussed.

