[jessriedel]

Ok, but shutting down the website because of legal/moral responsibility to protect customer info is very different than doing so because of the “real money involved”, which is what commenter dewey was responding to. You can choose to just take the fraud cost hit in the latter case.

[lazyasciiart]

That's why people aim for the legal costs to be commensurate with the possible gain they will miss out on. Many corporate penalties are small enough that mathematically, it's absolutely worth simply breaking the law all the time.