
Paypal’s security breach highlights our dependence on others

News that Paypal’s security has been compromised should surprise no-one. This is not to say that the company is unreliable but that any organisation can have its systems overcome. In this instance the perpetrator was innocently trying to access his own account, didn’t have his password handy and realised there was a workaround. His blog explains that he persuaded the system that he’d submitted his security details, known as two-factor authentication, when he had done no such thing.

He alerted Paypal and the company closed the loophole immediately, as might be expected from any decent and conscientious company. There is probably no harm done at all; in fact the system will be more robust, because a fault was detected and nobody had to have any money stolen to find it.

It does highlight the issue of how dependent we have become on third party systems to run our businesses. Many organisations use Paypal to process payments. A backlash against the company, now averted, could have hit them hard.

At least there would have been some sort of comeback against a service for which the user pays. This would not have been the case in other instances in which people use third party services to publicise or even process their business.

Paypal is just the thin end

Perhaps your business sells to younger people and has been using Twitter’s short video service, Vine. Or perhaps we should give it the new name New Statesman Tech has just coined, Vine R.I.P. Twitter announced yesterday that the service was to be discontinued. If you’ve used it at all, it had better be as a nice-to-have rather than as a definite must.

This is not the first time a business has quite legitimately decided to scrap a service that wasn’t going to make it any money. In 2008, social network LinkedIn (now owned by Microsoft) launched its LinkedIn events service. Many people liked this and a number of events companies started using it to publicise and acquire attendees. When the company decided the service was unlikely to make any money (see this blog offering alternatives) in 2012, the reaction was hostile. A number of people said their business would go bust because of LinkedIn’s action.

LinkedIn’s action, remember, was to withdraw a free service it realised was not going to produce any income. This is hardly morally reprehensible; it was a private company rather than a social service.

How many free services do you use?

Social media has accustomed us to expecting a great many things to be free at the point of use. Of course, Facebook uses our details and pushes advertising to us and is therefore no more free than an “independent” television service – we just don’t perceive ourselves paying for it.

The lack of direct payment, though, means the service can end up unaccountable to us. Suppose you used LinkedIn events, or let’s say you run a selection of LinkedIn groups to support your professional service. What is your comeback if the company decides to scrap the service next week? Perhaps your business or public sector body has a Facebook page through which it addresses client concerns. It’s not likely to happen because the business model works, but what if the company decided not to continue with company pages, or to charge for them?

Moreover there are businesses using Google Mail for their company (by all means disguising the address so it looks professional) and Google Docs for their office automation. We have reached the stage of “peak freebie” – the expectation is that there will be IT facilities and they will be paid for by…er…someone else.

The Paypal issue is related in that it shows us that third parties can have a hiccup. In this case it was a minor thing and there is no suggestion that it’s not fully rectified. It serves as a reminder, however, of how many services we now buy into which are not accountable to us, and which support us because it happens to suit them. If IT departments and professionals are relying on any of these third party services, there couldn’t be a better time to remember the need for a paid-for, fully-accountable Plan B in the mix somewhere.