Depending on your age, you may not be familiar with Tupperware. This iconic brand of home storage and plastic boxes, founded in 1946, has been a global household name for over half a century.
So how does this American giant relate to information security? It has to do with how you buy Tupperware.
Tupperware’s sales model works around reps and potential customers attending parties. You would find your local representative and a handful of friends, hold a party and everyone would buy enough plastic boxes to organise their life and pantry.
As the world changed, though, this model shifted with it. You still can’t buy Tupperware in stores, but people are now less likely to want to organise a party to buy a plastic box. After all, with so many retailers out there selling similar products, the customer now has choice and is favouring convenience.
Enter Facebook, stage left.
The modern solution to this issue for Tupperware (albeit unofficially) is to use social networks.
Facebook, in particular, is full of perpetual Tupperware parties. Private groups that are a vehicle to “attend a party” and place your order. Products are advertised as group posts and people buy via private message.
Thousands of dollars a month are being spent in New Zealand alone via Facebook Tupperware parties… the blue market (underground economy) in action.
The trouble is that the users of these mediums are not focussed on security; they are focussed on retail. Buyers are providing the complete set of their credit card information, including PAN and CVC, in Facebook messages to complete transactions. For those who work in PCI DSS compliance environments, it’s difficult not to feel a little uneasy.
The blue market is born from necessity and ease. People want to buy things from home and are creating simple sales approaches to bypass more complicated real-world (or sometimes online) systems.
These are regular people, parents, grandparents and those who are not used to the complexity of online commerce.
Tupperware is not alone in this. Bitcoin, with its boom of the past six months, has joined the blue market.
Millions of dollars worth of bitcoin is being sold through private Facebook groups to the same demographics that are buying Tupperware using Facebook parties. Bitcoin brokerages operate in this blue market unregulated, unchecked and largely hidden.
The boom in publicity for bitcoin and the gains that can be made from investing in it have led to massive interest from traditionally non-technical groups. It’s inevitable that these groups will try to find a simple way to get a piece of the action.
The risk from this blue market economy is high.
Personal and financial information is being shared in large quantities in channels that were not designed for this purpose. These avenues are largely unmonitored and there is no fraud detection or protection in the blue market to protect users if things go wrong.
The bitcoin market in particular provides economic challenges. Bitcoin transactions are high value and the security of individual coins and wallets is highly reliant on the owners’ behaviours. In this new frontier, how can we protect these people and yet still allow them to participate?
For our consumers we need to focus on education. Prevention and blocks will just force them to use other unregulated and uncontrolled channels. By working with companies like Facebook and other social media and messaging platforms, users of this blue market can be made more aware of the risks and how to behave in a way that protects them from personal and financial harm.
For our businesses, we need to open the dialogue and really look at how our users are using our platforms and systems. The assumptions we are making around usage behaviours are focused on the more technical (and often younger) demographics. We have an obligation to look deeper than that. As we engage wider groups in online commerce, we need to know how it is working before we can implement security controls and regulation.
The only thing we know for sure is that even with the boom in information security and data protection, and the ongoing global rhetoric on these subjects, we still don’t know the extent of our data loss problem or the financial impact this is having at the lowest levels globally. This could be one of our biggest challenges for 2018.
Follow me down a strange rabbit hole of where the virtual economy is meeting the masses... security is hard when we don't understand how people are actually spending https://t.co/DidoJoQb3X — Laura Bell (@lady_nerd) February 2, 2018
Nice, I mostly have been watching the hustlelive FB groups. These are a rich place for research into trust behaviour. — Ian Welch (@ratiocinatrix) February 2, 2018