Remember, after the recent earthquake and tsunami in Japan, those stories about wallets filled with money being found and turned-in to the authorities, still stuffed with cash? That’s one positive aspect of Japanese culture, but does it also make them too trusting? Sony’s loss of first 77 million customer records and now another 24.6 million suggests that may be the case. A society with low crime rates and comic book criminals screams of unsophistication, which was confirmed for me this week when I heard from a reader who is a payment system auditor. He looks inside Japanese institutions and often doesn’t like what he sees.Many will moan about how racist this observation is and how naive and how silly it is to paint a whole people with a culturally relative paintbrush.
“For whatever reason (low crime rate, maybe?),” my reader says, “the Japanese cannot seem to get their heads around the fact that unencrypted cardholder data sitting on servers in unsecured areas and being transmitted across public networks is a bit of a risk. Every other country in Asia has grasped this easy concept, but not Japan. I have tried many times to explain why this is bad but am usually met with blank looks and checking of watches.
I agree that generalizations are "generally" false. But they are a tool. They are a useful way to slice and dice the world. And -- surprise, surprise -- most generalizations have some relevant factual basis. The danger is blind use of them and especially the use of them to justify prejudice.
I sit in Canada and love to watch the generalization that Canadians are more modest, deferential, and polite than Americans. Generally true, but not universal. It makes Canadians "nice" people. On the other hand, Americans are more honest, up front, and aggressive. Generally true, but not universal. But as a first approximation, they serve as a framework to work in and are useful.
The idea the Japanese are slow on the uptake on criminal deviance makes sense to me. If you live in a generally polite, honest, and highly socially structured society where everybody conforms then crime and the worst of criminal thinking is probably a stretch, a little hard to conceive.
I also find this bit that explains how big business thinks to be very interesting. I'm not big on business, so I am incredulous. But I do believe that Cringely has it right:
Now back to Sony. With now over 100 million accounts exposed, Sony finally sent lame duck exec Kaz Hirai out to take one for the team and apologize. Hirai offered — just as I predicted — a month of free service. What now? Lawyers will sue, Sony will fix their systems, and gamers once again will game. But while Sony may escape large economic losses from the current problems plaguing its various networks, there is one group that will continue to be rightly upset with the electronics giant — credit card companies like MasterCard and Visa.The world is an interesting place. And business is like weeds. No matter how much you hack away at the ugly undergrowth, it finds a way to spring up again. We live in a weedy world.
The credit card companies have published standards for the management of customer data. These standards are a good combination of requirements and best practices. Anyone who does a significant amount of credit card-based business is required to meet these standards, which Sony appears to have ignored. Independent audits are required. To enforce the credit card company rules there are fines and the death penalty — being cut off.
Since Sony processes credit card transactions — and even offers its own credit cards as you’d know if, like me, you obsessively watch Jeopardy — they are going to be under a very uncomfortable microscope very soon.
The auditors are coming. Worst case they might tell Sony to buzz-off — to refuse Sony’s credit card charges for those 100+ million accounts. Then something really interesting stuff might happen.
Sony might not care.
If Sony is busted by Visa or Mastercard, Discover or American Express, all that probably means is they’ll have to hire a middle man — usually a big bank — to do the credit card transactions for them. Different servers in a different data center would handle the money and all would once again be right with the world, though at the cost of an extra service charge to Sony.
But what if Sony chose a different path? What if Sony cut a payment deal with, say PayPal, instead?
It’s a tempting gambit. PayPal would like nothing more than to pick up those 100 million accounts. They’d pay Sony for them, turning a loss into a gain and a loss of face into an industry transition.
PayPal has been looking for a chance to kick the credit card companies down a peg, grabbing some business.
I can almost hear the phones ringing in Tokyo….