Cameron Camp and Jen Andre
Cameron Camp and Jen Andre

Pro: Jen Andre, co-founder, Threat Stack

The question is moot. If you make electronic transactions in any form, your money is already online, because everyone else is. No business operates without connectivity to the internet. The point-of-sales breaches at Target and Home Depot deeply illustrate this. Such breaches are not going to stop happening, and nearly every retailer (online or not) will be vulnerable to them in some way. It's not reasonable to expect consumers to switch to pure-cash transactions.  

Given that reality, consumers have some onus to be savvy in choosing who they do business with (and how), to protect their own finances. Text messages and mobile apps make it easy to monitor your bank and credit card statements, and get alerts instantly when something is suspicious. With the increase of computing power and the rise of machine learning and big data, fraud detection is getting faster and better. New payment technologies such as Apple Pay are reducing the attack surface for potential credit card thieves and ensuring all transactions, including brick-and-mortar ones, are safer.

Anti: Cameron Camp, security researcher, ESET

Unless you have protections, digital awareness and training, consumers expose themselves to risks while banking or purchasing products online. Consumers must learn to choose passwords wisely, change them frequently and limit their exposure. They must also keep sensitive personal information, bank account numbers and passwords in unencrypted form off their phone. On the institutional side, memory scraping on point-of-sale and other related technologies will remain a scourge to payment card participants. Financial institutions view theft in terms of “risk management,” not specifically stopping theft because it's bad. That is, they assign a value to fund loss and attempt to manage that relative to security purchases. If that equation is at an acceptable level, they feel a measure of success and proceed to other issues. Consumers, on the other hand, think an acceptable level of “loss” would be zero. Lack of full disclosure on breaches, and/or delayed reporting weaken security and trust across the landscape in the interest of brand protection.