Eliminating Some Risk

By | July 31, 2018

Many people doing risk management assert that you cannot eliminate risk. Those people are partly right. If you are willing to modify the functionality of a program or system, you can eliminate some kinds of risk. Obviously, this is much easier early in the design or implementation of a system.

Trade-offs to Eliminate Risk

Part of risk management is comparing the benefit of a feature against the risks caused by its implementation. If a feature is risky but critical to the function of the system, we obviously can’t eliminate it. On the other hand, a nice-to-have feature could be eliminated to reduce risk. Another approach is to reduce the accidental risk of a feature by changing its implementation. A medical system could use a randomly generated ID number instead of a patient’s social security number as a unique identifier. If you don’t have sensitive information, you cannot leak it.

Functionality Trade-off

One easy-to-understand trade-off is how an e-commerce site handles credit card information. Assume that you are using a secure connection (HTTPS) to transfer this information; otherwise the risks are much larger. Let’s propose three scenarios.

Scenario 1: Save Credit Card Information

One approach is to store credit card information, including the CVV number, with the user account information.

The benefits are mostly convenience and the ability to up-sell.

  • Handle later purchase without asking for full information
  • Reduced barrier to purchases through convenience
  • Easy handling of refunds

Most of the downsides are unexpected and outside of your main business. The downsides from these risks could range from embarrassment to legal liability.

  • Attackers steal credit card information from you
  • A coding mistake causes extra charges on credit cards you hold
  • An insider steals card information or uses it to make purchases
  • Accidentally revealing credit card information through logs, backups, or screen display
  • Authentication mistake revealing credit card information from a different account
  • Loss of revenue from customers that don’t want to give out a credit card number to yet another site

Scenario 2: Discard After Use

Another approach is to use the information to charge the customer immediately and then discard all credit card information.

The sales and convenience benefits are much less in this approach, but the risks go down.

  • An attack on the system cannot release previous customer information
  • Charges to customer happen at the time of purchase
  • Coding mistake or malicious insider cannot compromise all customers

Most of the downsides are unexpected and outside of your main business. The downsides from these risks could range from embarrassment to legal liability.

  • Subsequent orders require re-entering credit card information
  • Refunds become more awkward
  • Potential exposure of credit card information during processing
  • Potential delay of a sale due to problem with card processing
  • Loss of revenue from customers that don’t want to give out a credit card number to yet another site
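Two of the downsides above, card data leaking through logs, backups or screen display in Scenario 1 and exposure during processing in Scenario 2, can be checked for in code. The following is an added example, not code from the original post: it models a Scenario 1 record and a Scenario 2 "charge and discard" record, and scans whatever would be persisted or logged for Luhn-valid card numbers. The gateway call, record layouts and the card number 4111 1111 1111 1111 are hypothetical or constructed test values.

```python
import re
from dataclasses import dataclass

# 13-19 digits, optionally separated by spaces or dashes, not glued to other digits.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pans(text: str) -> list:
    """Return Luhn-valid card numbers found in text (a log line, a backup row, a repr)."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits

@dataclass
class StoredCardOrder:
    """Scenario 1: the full card, CVV included, is kept with the account."""
    order_id: str
    amount_cents: int
    pan: str
    exp: str
    cvv: str

@dataclass
class DiscardedCardOrder:
    """Scenario 2: only a gateway reference and the last four digits survive."""
    order_id: str
    amount_cents: int
    gateway_ref: str
    card_last4: str

def charge(pan: str, exp: str, cvv: str, amount_cents: int, order_id: str) -> str:
    """Hypothetical payment gateway call: returns a reference and keeps no card data."""
    return f"ref-{order_id}"

def checkout_discard(order_id: str, amount_cents: int, pan: str, exp: str, cvv: str):
    """Charge at purchase time, then keep nothing a log, backup or attacker could reuse."""
    ref = charge(pan, exp, cvv, amount_cents, order_id)
    return DiscardedCardOrder(order_id, amount_cents, ref, pan[-4:])

def persisted_card_data(record) -> list:
    """What a backup, log line or database dump of this record would expose."""
    return find_pans(repr(record))
```

Running find_pans over application log output and backups is a cheap way to confirm that the "discard" in Scenario 2 actually happened everywhere, not only in the orders table.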

Scenario 3: Off-load Payment Processing

A final approach is pushing the risks of handling credit card information onto a third party. Many e-commerce sites use PayPal for this purpose. The assumption is that the other party is better able to deal with the risk, because that is their core business.

  • No direct risk dealing with credit card information
  • Attack on the system cannot release any customer information
  • Charges to customer are immediate
  • Coding mistake or malicious insider cannot compromise all customers

Most of the downsides are outside of your main business. The downsides from these risks could range from embarrassment to legal liability.

  • External processing system has payment information
  • Loss of revenue from customers that don’t want to use the suggested payment processor

Conclusion

The important thing to note is that there is no best scenario. Instead, you need to be aware of both the risks and the benefits to make the appropriate trade-off for the business.
