Executive Summary: Third Party Vulnerability

How do third parties impact privacy, security, and integrity? Let's say that Company wants to transact with Customer online. They rely on third-party certification authorities to confirm a private and secure connection before Customer inputs payment details, and they rely on a third party to process payments for transaction integrity. These third parties facilitate this transaction, and innumerable other transactions each day, so confidence is high that they will perform in a predictable, rational, reliable, timely, and trustworthy manner. However, the reality is that third parties (individuals, businesses, governments, computer networks, or others) are not always predictable, rational, reliable, timely, or trustworthy. Employees violate company policies, businesses breach contracts, governments change laws, computer networks fail, and companies run into liquidity issues. In one survey, 87% of firms had operations disrupted by a third party, 28% faced a major disruption, and 11% experienced a complete third-party failure.

Online shopping relies on intermediaries to protect privacy, security, and integrity, but these third parties introduce costs. In addition to explicit fees for their services, there is an implicit cost associated with the risk that they suffer a network outage, lose a key person, suffer a data breach, file for bankruptcy, or otherwise fail to perform. Incentive structures (rewards and penalties) can decrease the risk (and associated cost) to a point but cannot eliminate it. This makes third-party reliance a significant business vulnerability: third parties are single points of failure and in some cases critical security holes.

When third-party reliance is unavoidable, optimized systems minimize this vulnerability by distributing responsibility across several third parties where only a portion of them (m of n) must perform at any given time. Diversifying the risk that any particular third party fails to perform can “radically reduce trusted third party costs and risks” (to the extent that performance is not highly correlated). In our earlier example, Company mitigates its third-party vulnerability by using several payment processors. Today, this principle is being applied to security frameworks (Zero Trust systems), personal finance (multi-signature wallets), network encryption (distributed key protocols), and everyday businesses to mitigate third-party vulnerability.
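
The m-of-n argument and its correlation caveat can be worked through numerically. The following is an added example, not part of the original summary: the per-provider availabilities and the shared-failure probability are constructed values, and the common-cause model (one shared dependency that takes every provider down at once) is an assumption chosen for illustration.

```python
def p_at_least_m(m, avail):
    """Probability that at least m providers perform, assuming independent
    failures. avail holds each provider's probability of performing."""
    if m < 0 or any(not 0.0 <= p <= 1.0 for p in avail):
        raise ValueError("m must be >= 0 and availabilities must be in [0, 1]")
    dist = [1.0]  # dist[k] = P(exactly k providers perform so far)
    for p in avail:
        nxt = [0.0] * (len(dist) + 1)
        for k, q in enumerate(dist):
            nxt[k] += q * (1.0 - p)   # this provider fails
            nxt[k + 1] += q * p       # this provider performs
        dist = nxt
    return sum(dist[m:])              # m > n yields 0: requirement unreachable


def p_with_common_cause(m, avail, shared_failure):
    """Same requirement when, with probability shared_failure, a dependency
    common to all providers (assumed model) makes every one of them fail."""
    if m == 0:
        return 1.0
    return (1.0 - shared_failure) * p_at_least_m(m, avail)


def failure_report(avail, shared_failure):
    """Failure probability of each m-of-n policy, independent vs correlated."""
    report = {}
    for m in range(1, len(avail) + 1):
        report[m] = (
            1.0 - p_at_least_m(m, avail),
            1.0 - p_with_common_cause(m, avail, shared_failure),
        )
    return report


if __name__ == "__main__":
    processors = [0.99, 0.99, 0.99]   # constructed: three payment processors
    shared = 0.005                    # constructed: shared upstream dependency
    print(f"single provider fails: {1.0 - processors[0]:.6f}")
    for m, (indep, corr) in failure_report(processors, shared).items():
        print(f"{m}-of-3 fails: independent={indep:.6f} correlated={corr:.6f}")
```

With independent failures, 1-of-3 fails about once in a million transactions, but the shared dependency puts a floor of roughly 0.005 under every policy, which is why diversification only pays off to the extent that provider failures are uncorrelated.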