I doubt other payment or ecommerce platforms are any more secure. Given its size, I assume Facebook has a lot of smart people working on security. And they still screw it up. How are smaller platforms, who can't attract or pay for the very best talent, going to do any better (other than by being smaller targets, I guess)?
I am. I know a bunch of them personally. They are definitely some of the best security people I know. They just have a really hard problem to solve.
If you think about it, a breach of 30 million accounts out of 2 billion ain’t that bad.
This requires pretty loose definitions of OK, which, I guess, works out OK for Visa and MasterCard?
Both systems experience what on the Web we'd consider a staggering level of problems. Fraud losses just in the UK for the card payment system exceed £500M per year. They're proud of themselves for catching about 60% by value of potential fraud. That is, people _tried_ to steal over a billion pounds each year, but only get away with £500M...
They use outdated cryptography, they straight up lie to their partners, to customers and even to the courts. I trust them about as much as some random Etsy maker.
Now, my country's laws mean when Visa screws up, my bank, regulated by those laws, has to make me whole. And I'm a middle-aged white guy, so good old-fashioned unconscious bias means when I'm screaming at a regulator about my rights they listen.
But if I didn't have those laws, if I was an elderly black lady, I can expect that I'd be told it's not the payment card company, I must have secretly travelled to Hong Kong last weekend and bought $5000 of men's watches and so I have to pay for that transaction even if I have witnesses who say I never left... after all the computer says it was my card and how could that be wrong?