Wednesday, October 29, 2008

The Bedrock of Alternative Payments

By Mark Brousseau

The ACH Network began as a low-volume network transmitting large recurring transactions between well-established entities. However, changes in rules and business models have brought about significant changes in the nature and volume of ACH activity.

More than 18 billion ACH payments were made in 2007, representing a 12.6 percent increase from the total number of transactions generated in 2006, according to Mercator Advisory Group. Much of the growth in ACH volume can be attributed to fundamental changes in payment methods consumers and businesses use, with the network transforming into a high-volume platform of relatively low-value, non-recurring transactions. These transactions are originated from a rapidly expanding number of merchants, aggregators, corporations, and financial institutions, Mercator Advisory Group says.

Alternative payment providers such as Google Checkout, Bill Me Later and, of course, PayPal leverage the ACH to provide consumers and merchants with a secure and efficient means of payment and in doing so are experiencing phenomenal growth.

Non-financial institutions have been beating the banking industry to the punch of developing unique and cost efficient payment solutions, especially in the e-commerce space. Ironically, alternative payment providers have succeeded using the banking industry's own infrastructure to capture interchange-like revenues.

However, a new solution has emerged from NACHA that could level the playing field for banks to compete against alternative payment providers and push the ACH network in a new direction, Mercator Advisory Group says. NACHA's recently released Secure Vault Payments (SVP), an e-commerce payment solution not only enables customers to move payments from their direct deposit accounts to merchants and service providers, but transactions occur with real-time authentication and authorization from the consumer's bank Web site. The push method ensures merchants and service providers that payments are being made with “good funds,” thus reducing concerns about fraud, charge-backs, and non-sufficient funds.

Although signature debit and credit card usage online has yet to be hugely impacted by alternative payment solutions, in many cases, non-traditional payment providers offer significantly enhanced value propositions including discounts, sales and loyalty tools, and the ability for merchants to cross sell on non-competitive merchant Web sites. These value added services create significant competitive pressures for traditional payment types and are giving alternative payment methods solid traction, Mercator Advisor Group believes.

“As alternative payment methods continue to evolve and more players step into the space, the use of traditional payment cards for online transactions will continue to decrease. It is foreseeable that merchants will increasingly promote alternative payments and consumers will become more accepting of new payment types,” said Brent Watters, senior analyst of Mercator Advisory Group’s Prepaid Advisory Service. “Mercator believes that in the next five years, 35 percent of payments made online will be in the form of alternative payments, including prepaid cards, new forms of credit and programs leveraging the ACH.”

Other findings from Mercator Advisory Group include:

… The ACH continues to show solid growth and transaction volume will continue to escalate as more alternative payment schemes leverage the network.

… The ACH is moving to push versus pull method of payment thus creating direct competition for EFT networks that have been eager to develop a PIN-less debit solution for online transactions.

… The ACH's eCheck services continue to fuel the networks' transaction volume and penetrate markets currently targeted by debit and credit cards.

… NACHA's Secure Vault Payment (SVP) creates an opportunity for banks to compete in online alternative payments.

Saturday, October 25, 2008

The Evolution of Swipe

Posted by Mark Brousseau

A great slideshow from Fortune magazine on the evolution of credit cards.

Thursday, October 23, 2008

Data Loss Jeopardizes Prosecutions

Posted by Mark Brousseau

An interesting article from today's Dallas Morning News:

Computer crash hinders Texas Attorney General's Medicaid fraud case

Thursday, October 23, 2008
The Dallas Morning News

AUSTIN – A massive computer crash that destroyed hundreds of the state attorney general's confidential documents may prevent scores of Medicaid fraud prosecutions and has revealed serious problems with a newly expanded state outsourcing of computer services.

As much as 50 percent of the Tyler Medicaid fraud division's files were destroyed in July when a server being repaired by a state vendor wouldn't restart. The scope of the damage is in dispute.

In an apparent oversight, the documents lost were not backed up – meaning that evidence crucial to convicting dishonest health-care providers who ripped off the state's health insurance program for the poor may never be recovered. E-mails and other records obtained by The Dallas Morning News indicate some Tyler investigators lost up to 90 percent of their open case files.

"In spite of earlier assurances, the destruction of critical data has, in fact, occurred," First Assistant Attorney General Kent Sullivan wrote Monday in an e-mail to Brian Rawson, chief of the Department of Information Resources. Attorney General Greg Abbott's office "cannot afford to risk a reoccurrence of this event."

Lost: 8 months of work
In all, 81 criminal cases and eight months of work in the attorney general's 13-person Tyler Medicaid fraud office were completely lost, according to an attorney general's report on the security breach – records that are being painstakingly recovered by the vendor.

IBM, which leads a vendor group selected by the information resources department in the $863 million, seven-year outsourcing deal, said it still is investigating the matter.

"We do take this incident seriously, and we're taking appropriate steps to ensure that it doesn't occur again," company spokesman Jeff Tieszen said.

Mr. Tieszen said IBM-hired data recovery specialists have reassembled 24 of 27 lost gigabytes of information – 88 percent of the lost data.

State officials said that they couldn't confirm that figure and that their latest estimates remain at 50 percent.

The Medicaid fraud data loss is the worst problem to surface in the first 18 months of the state's deal with the IBM-led group – and further blemishes a privatization push throughout state government that grew rapidly after Republicans gained control of the Legislature six years ago.

In April 2007, Mr. Abbott's office was forced to switch to the outsourced system. It gave "Team for Texas," the vendor group, lead responsibility for the attorney general's information technology system, including its servers and backup tapes.

The change was supposed to provide better service and save money. But early this year, the attorney general's office and the IBM-led group had a series of communications breakdowns over whether data was actually being backed up.

In a May e-mail, Sean Peterson, Mr. Abbott's director of network operations, appeared to have a premonition, raising doubts about whether remote office servers were being properly maintained. He also asked for a list of all the backups that had failed in the last three weeks.

"I am concerned that these are not being backed up properly," he wrote.

Lag in reporting
On July 21, the Tyler server wouldn't restart. Alarms weren't raised immediately; memos in the attorney general's office say the vendor didn't notify Mr. Abbott's office of the problem until 10 p.m. on July 22.

But as initial efforts to retrieve the records failed – and attorney general's office employees realized that IBM had "not routinely backed up the server as required by contract" – memos show that both the state and the contractor realized the gravity of the situation.

By late July, IBM had to call in a special forensics team from California to try to recover documents. And the data losses were so severe that employees in Mr. Abbott's office questioned in e-mails to each other whether they should resign for failing to properly oversee IBM, according to records obtained by The News.

Shortly after the Tyler office's data loss, documents indicate the attorney general's office determined that servers for three other field offices were not being backed up, either.

In Monday's e-mail, Mr. Sullivan wrote that he needed a guarantee "that no state agency will again be faced with the situation of having data destroyed and functionally irretrievable."

There have been other highly publicized problems with big outsourcing pushes by the Health and Human Services Commission – one that created privately run call centers and maintained software to support eligibility screening for public assistance, and another that privatized payroll and hiring at 12 social services agencies.

In 2005, the Legislature and Gov. Rick Perry, building on an earlier outsourcing of state computer services and data backups, approved a measure forcing at least 15 state agencies to join a dozen that already were using an earlier vendor, Northrop Grumman Corp.

A new, expanded outsourcing deal with Team for Texas – the current provider – was struck in November 2006 and took effect in April 2007.

The deal, expected to save the state $153 million by 2013, has attracted little public attention because even though more than 500 state employees lost their jobs, about 40 percent found other state positions and the rest were guaranteed spots with IBM or its subcontractors Unisys, Xerox and Pitney Bowes.

In July, though, state Auditor John Keel criticized the information department for not riding herd on major state agencies. Though agencies were supposed to hand over to IBM their most knowledgeable and experienced computer technicians, many kept those workers by using them to fill other vacancies, Mr. Keel's audit said.

China Embraces Credit Cards

Posted by Mark Brousseau

An interesting article from this week's LA Times:

China charges into credit cards

Banks are stepping up their marketing of plastic, but the penalties are harsh on delinquent payers.

By Don Lee
reporting from Shanghai
October 22, 2008

Imagine there was a law that said if you missed two credit card payments in a row, you had to pay the full balance immediately, with heavy penalties. And if you didn't, your bank would take out an ad in your local newspaper, calling you a deadbeat. Or worse, thugs in suits might show up at your office, haul you down to the bank and keep you there for hours until you signed a promise to pay.

Welcome to the world of plastic -- Chinese style.

Chinese banks don't have national credit bureaus and sophisticated scoring models that allow them to churn out approvals in minutes. Instead, armies of young workers pore over paper applications, manually verifying one piece of information at a time.

Yet banks in China have issued tens of millions of credit cards in recent years. Today, more than 100 million are in circulation among China's 1.3 billion people, up from just 3 million in 2003, according to analysts and bankers.

Unlike American credit card firms, which are cutting back because of rising delinquencies, Chinese banks are stepping up their marketing of plastic. In the next five to 10 years, analysts say, China could issue 1 billion new cards, largely to a mass market that has little experience with credit.

Chi Wei Joong, a former American Express Co. executive, runs the credit card operations for China Merchants Bank. He has more than 9,000 workers nationwide. In every major city, Joong's sales force researches office buildings, their occupancy rates, average rents and other statistics. A report is then sent to the bank's credit department, which assigns a credit score for the building before salespeople target folks who work there.

"This is to control risk," Joong said. But if borrowers default, he doesn't hesitate to turn the accounts over to more than 100 collection agencies.

Joong says fewer than 10% of his bad loans end up in court, but some people have gone to jail. Under Chinese law, a credit card user who intentionally defaults on a sum as little as $3,000 can be sentenced to as much as five years in prison.

The tough regulations haven't stopped the steady increase in troubled credit card debts at China Merchants and other lenders. Analysts estimate that banks in China this year were writing off 2% to 3% of their credit card loans, less than half of the July charge-off rate of 6.6% in the U.S., according to Fitch Ratings.

"In the U.S., all the credit card companies are chasing subprime borrowers" because most customers with good credit already have multiple cards, said Darwin Tu, chairman of Sino Credit Corp., an industry research and marketing firm. In China, he says, banks haven't saturated the prime market yet.

On average, a Chinese credit card holder has no more than two cards, compared with five for Americans, said Tu, a Stanford University graduate who cut his teeth at Fair Isaac Corp. in California, which pioneered credit scoring.

At China Merchants Bank, which has about 23 million credit cards outstanding, Joong says his department's loan-loss ratio has climbed from 0.67% in 2005 to at least 1.5% this year. Such numbers are likely to rise as more cards are issued to young adults, who belong to China's one-child generation, seen as more spendthrift than older Chinese.

Among Chinese credit card users, more than 70% pay the entire balance every month, says Nie Junfeng, a manager in the Bank of China's personal finance department. "This may be related with the tradition that Chinese people, as the saying goes, don't like eating next year's food this year," he said.

But the young generation is different, he said. "They're more comfortable spending tomorrow's money today."

Deng Jialing, 27, got his first credit card from China Merchants Bank in 2006 when he was working for a cellphone parts manufacturer in Shenzhen, making a little more than $500 a month. His card's limit started at about $400, and like all Chinese credit cards, his had an 18.25% annual interest rate, set by the government.

Deng bought a cellphone. The card was tapped out, and two months later, Deng got a second credit card, from China Construction Bank, the country's largest issuer of plastic.

Said Sino Credit's Tu: "Once you get a card, you show that one to another bank and they give it to you. [The data's] not linked."

After hitting the ceiling on the second card, Deng easily secured a higher credit limit. He applied for more cards, building up a balance of $17,000 at nine banks. His charges included electronic gadgets, food and a $4,000 hospital bill when he got pneumonia.

For a while, he played a cash-advance game, taking out money from one card to pay the minimum monthly payment on another.

Then, on a June evening, three big men in black turned up at his workplace in Shenzhen. Deng thought about slipping out the back door. But he met the men and followed them into a black sedan.

Sandwiched between two of them in the back seat, Deng was taken to China Minsheng Bank's credit card center across town. There, he said, the grilling began: Where did you spend all the money? Why can't you pay it back?

"I told them that I was at the end of my rope," said Deng, who owed about $2,000 to China Minsheng, which declined to comment. Five hours later, after being fingerprinted and signing an agreement to pay off the balance in three days, Deng stepped out of the bank and into the night. "I walked slowly to my home, thinking how had I come to this situation."

Analysts say cases such as Deng's aren't common in China. To keep it that way, China's central bank is developing a national credit resource system, something like Experian, Equifax and TransUnion in the U.S. As of March, the People's Bank of China said, its database contained information on nearly 600 million individuals. Of those, about 3% are noted for failing to pay bills or defaulting on loans or credit cards, says Joong of China Merchants.

Joong and other bankers use the database to screen out applicants who have been blacklisted, but the central bank's system doesn't contain a complete profile to assess the creditworthiness of the remaining 97%. Some banks don't share or make timely updates on consumer data, so lenders often don't know how much debt cardholders really have.

To discourage defaults, Guangdong Development Bank has taken out ads in newspapers, publicizing the identities of delinquent borrowers. Some banks frown on the tactic, but it isn't illegal.

Other card providers try to reduce risks upfront. State-owned China Construction Bank, for example, markets cards in Shenzhen through a cable TV company. When the cable installers make a service call to a home, they offer credit card applications and at the same time verify where residents live. Joong is considering a similar tie-up with water delivery companies.

But countervailing forces threaten to increase the risk of card abuse and defaults. Cash advances usually aren't supposed to be more than a small share of a card's credit limit, but consumers say merchants and finance firms ring up bogus or inflated purchases on credit, giving the cardholder cash, less a fee. Chinese lenders have started to offer balance transfers and other sweeteners to encourage customers to revolve debt.

Chinese bankers dismiss concerns that they could one day see the kinds of heavy losses that have plagued U.S. lenders during downturns or the sort of plastic debacle that hit South Korea earlier this decade when rules on credit were eased and consumers went wild with charges.

But others aren't so sure. "That depends on how banks control the cards," said Yan Yiming, a Shanghai attorney who specializes in economics and consumer law. "I can see that many are issuing cards very aggressively these days.

"They're also going after bad debts very aggressively, as Deng learned. After that desperate June evening when he was taken to the bank, Deng called his aunt and borrowed $13,000, promising to pay her back, $370 a month. Since then, he has pared his overall credit card debt to $2,900.

Crooks Going Phishing

Posted by Mark Brousseau

An interesting article from this week's LA Times:

In desperate times, scammers pounce

Phishing expeditions are on the rise, with customers of struggling and failed banks the latest favored victims.

By David Colker
Los Angeles Times Staff Writer
October 19, 2008

The economic meltdown is not devoid of economic opportunities. There's one group of folks who might do just fine: scammers.

Security experts have spotted an increase in phishing, the scam that uses fake e-mails to get people to hand over personal financial information that could be used to drain bank accounts or for identity theft.

It was no surprise to Dave Marcus, director of security research at McAfee Inc., one of the largest computer security firms.

"Whatever is happening out there in the world, you will see scams that take advantage of that," he said.

The banking crisis -- with its mergers and takeovers -- was tailor-made for phishing. It gives scammers the opportunity to send out e-mails claiming that personal account information is needed because of the changes.

McAfee began seeing phishing reports related to the crisis shortly after the well publicized failure and sale of Washington Mutual Bank in late September.

"Generally, if the issue is in the news on Monday morning, we'll start seeing the phishing start on Monday evening or Tuesday," Marcus said.

Even a bank deal that falls apart can generate phishing scams. This month, several security websites warned that an e-mail supposedly from Wachovia bank was being circulated.

"Citigroup announced a buyout of Wachovia brokered by the FDIC moments ago," the e-mail said. Bank customers were directed to go to a site where they would fill in account information in preparation for the takeover.

But the Citigroup buyout never happened -- Wells Fargo instead made a deal to acquire Wachovia. And the e-mails were bogus.

Wachovia put a warning on its website, stating that it never sends e-mails asking customers to "provide, update or verify your personal, business, account or other confidential information."

Phishing scams often begin with a spoofed e-mail that appears to come from a legitimate source.

In some cases, fraudsters exploit security loopholes to hijack a genuine e-mail address, making it appear that is where their messages are originating. Or they simply resort to using addresses that are close to the real thing.

Examples sited by security experts include misspellings that use a double "v" to simulate a "w," as in the fake

Also, the number "1" has been used as a stand-in for the letter "l," as in

But in many cases, the scammers don't even bother to make addresses look legitimate. They rely on alarming or alluring messages. The text might say that if personal information isn't immediately disclosed, the account will be frozen or shut down.

Another variation is an urgent warning that an account is under attack by hackers and the information is needed to "verify" the true account holder.

Money is sometimes used as a lure. For the last couple of years, fake messages supposedly from the Internal Revenue Service have promised recipients a tax refund. But to deposit this windfall, the individual's banking information is needed.

Some of the e-mails are laughably poor attempts at fooling the public. A recent one read, "Recommends banks to process Visa card to renew your data quickly before being delete your Visa card."

It's like spam from Yoda.

But a link on the e-mail led to a legitimate-looking Citibank Web page where banking information was requested. These simulated sites, which can be created using simple Web tools, are the second part of the phishing scam.

They can be so convincing that, in an academic study presented in 2006 at the Conference On Human Factors in Computer Systems, well-crafted phishing websites were able to fool 90% of participants.

Obviously, the public needs to be educated about phishing, which seemed to be the aim of an e-mail in wide circulation in England. It was addressed to customers of Barclays, one of the country's largest banks.

"Like other UK based banks, we are currently seeing very large numbers of 'phishing e-mails' in circulation," it said. "Many of these look as if they are from Barclays, typically encouraging you to click a link and type in your login details."

The e-mail went on to explain how phishing works and requested, "please spend a few minutes to upgrade to our latest security."

Then it gave the link to a website. And as you guessed, it was a phishing site, designed by scammers to get their hands on account information. The e-mail was a fake, but so polite.

At the very bottom it said, "We apologize for the inconvenience and thank you for your co-operation."

You could almost hear them laughing, literally all the way to the bank.

Wednesday, October 15, 2008

The Economy and Outsourcing

Posted by Mark Brousseau

Outsourcing Shops Feel the Street's Pain

Info tech spending in India by U.S. financial-services firms could shrink 15% to 20% over the next year

by Mehul Srivastava and Nandini Lakshman

DELHI As the credit crunch on Wall Street sent dominoes toppling around the globe, Tata Consultancy Services, India's largest software-services company, started tightening its belt.

Travel was restricted, electricity consumption was to be reduced, and the company considered removing Microsoft (MSFT) Office from its PCs and replacing it with free open-source alternatives, employees say.

India's seemingly unstoppable outsourcing industry is grappling with the woes of the financial firms that make up as much as half of revenues for some players. "How this plays out, who knows?" says Pramod Bhasin, CEO of Genpact, the world's largest business process outsourcing company. Although he's optimistic, he says: "The ability to predict has gone away."

Outsourcing companies have already pulled back on new office space and leases, according to Knight Frank India, a property consultant. "Their level of concern has gone up dramatically in the past few weeks with their top-tier customers vanishing right before their eyes," says John McCarthy, a Forrester Research (FORR) analyst who traveled to India twice in September to meet with jittery Indian players. "Anyone who says they aren't worried is probably lying."

In the past two months some of the biggest names in U.S. finance have gone under. Vanishing with them is the kind of work Indian software professionals have long excelled at—projects requiring mountains of coding and individual attention. In the first half of 2007, financial companies around the world handed out at least 48 major outsourcing contracts with a total value well in excess of $5.5 billion, reports researcher ValueNotes. The first half of this year saw just eight such contracts with a total reported value of $767 million. "A lot of companies are putting on a brave face and saying this is just a temporary phase," says ValueNotes CEO Arun Jethmalani. "But how temporary is temporary?"

The estimated hit to India's outsourcers? As much as 8% of total revenue could vanish, Forrester predicts, as information technology spending in financial services shrinks by 15% to 20% over the next year. India's top five info tech and outsourcing companies saw slower growth in the first quarter, and their stocks have taken a beating. TCS's annual profit growth slowed to 7%, down from 36% in 2007. The company declined to comment for this story. Infosys Technologies has warned that it probably won't see a rise in profit this year but had no further comment. Satyam Computer (SAY), the No. 4 software service provider, says it has contracts with Lehman Brothers, AIG (AIG), and Merrill Lynch (MER). Those are "minuscule parts" of Satyam's $2.7 billion in annual revenues, says Chief Financial Officer V. Srinivas. "But that doesn't mean there won't be an impact in the future," Srinivas says. "We would be kidding ourselves if we thought that."

Optimists predict the downturn will be short. They say revenues will bounce back when American business decides to be more efficient, resulting in more outsourced work. One rosy estimate, by consultancy Everest Group, projects that cost-cutting spurred by the crisis will result in a 40% to 50% increase in financial-service outsourcing over the next five years.

The Indians, though, will continue to face increased competition for those jobs. Global players such as IBM (IBM), Accenture (ACN), and Hewlett-Packard (HPQ) have grown deep roots on the subcontinent. "The crisis will make [the Indians] face the reality of doing global business," says Siddharth A. Pai, managing director of TPI, a consultant that helps companies manage outsourcing contracts. "They haven't seen the trough yet."

Tuesday, October 14, 2008

The Economy and Insurance Industry IT Spending

Posted by Mark Brousseau

A tidal wave of bad news has swept Wall Street and Main Street, and debris is coming ashore across the globe. This crisis is sure to affect insurers the world over for years to come.

Celent LLC believes that the unprecedented breadth and intensity of issues currently facing the insurance industry will severely constrain future growth but also provide an opportunity for carriers that position themselves correctly.

“The world has changed, but not ended,” said Donald Light, senior analyst with Celent’s insurance practice and coauthor of the report. “Insurers, their technology groups, and technology vendors need to recognize this change and adapt to it.”

“Adapting includes an examination of implementation plans and budgets with an eye toward short-term, tactical payback,” said Mike Fitzgerald, senior analyst with Celent’s insurance practice and coauthor of the report.

How has the economic crisis affected your organization’s IT spending?

Post your comments below.

Identity Theft: Not Dead Yet

Posted by Mark Brousseau

An interesting article from Fairfax Connection on the resiliency of identity theft crooks:

What’s in a Name?

Though national statistics are trending downward, millions of Americans still at risk for identity theft.

By Derek B. Johnson/The Connection
Wednesday, October 08, 2008

In nature, the early bird gets the worm.

Residents going through their bills one day and finding thousands of dollars worth of mystery purchases would be wise to follow a similar mantra: the early bird gets his identity back.

That is, at least, according to retired investigator Tom Polhemus of the financial crimes section of the Fairfax County Police Department. The sooner you act once you know your identity has been stolen, the more hours you save down the road dealing with police, banks, credit unions and bill collectors.

"The main thing that we advocate is you have a personal responsibility to keep on top of your own identity," said Polhemus. "You can’t expect the government, police or financial institutions to help you. If you don’t know, you don’t know."

Though national statistics are trending downward, identity theft remains one of the most prevalent crimes in the country. According to surveys conducted by the Federal Trade Commission and Javelin Strategy and Research, 8.4 million Americans reported being a victim of identity theft in 2007, with just over $50 billion being stolen. Those numbers were down significantly from previous years, with 10.1 million Americans in 2003 and 9.3 million Americans in 2005 reporting the same crime. However those statistics do not take into account victims who are unaware their identity has been stolen, and many cases may go unreported for months or even years until a victim hears from an out-of-state bill collector or a business looking for payment. Tammy Nealy is the director of public affairs for Lifelock, an Arizona-based personal fraud protection company. For those people still carrying their Social Security card in their wallet or purse, she has a message.

"Stop. You’re going to get pick-pocketed," said Nealy. "You never think your wallet or your purse is going to be stolen, but it happens."

In addition to providing information and education on keeping personal information safe, her company charges a monthly fee to contact each of the three major credit bureaus and put a fraud alert on a client’s account. Nealy said a victim of identity theft could spend up to hundreds of hours talking with police, creditors and other institutions in order to restore their credit back to its original state. The mean resolution time per victim, according to the 2007 FTC/Javelin survey, was 40 hours.

THE PROBLEM has become so prevalent because thieves have so many ways that they can use just a few pieces of personal information to impersonate their victim. Polhemus named writing personal checks was as one of the worst practices a person can do if they want to protect their identity.

"Paper checks are terrible. It’s too easy once you write a paper check, now I’ve got your routing and account number," he said.

Those numbers combined with a cellular phone number or other pieces of information are usually enough to rack up thousands of dollars in online gaming or purchases. Seniors and children are at a higher risk for fraud or identity theft than others, according to Nealy. Because most young children lack any pre-existing forms of identification and parents rarely check up on their children’s credit report, their identities are ripe for use. A child’s age does not matter, she said, because most children have no previously established credit.

As long as a thief uses the information to beat them to it, most children won’t discover they were victims until years later, while they’re applying for their first loan or checking account. If parents begin receiving catalogs or magazines in their child’s name, that’s usually a red flag signaling that identity is being used by someone else.

"It may be cute, but it can be damaging. That means there’s a credit report for that child and bank has sold that information to a marketing company," Nealy said.

Seniors, she said, tend to be more susceptible to phone or e-mail scams, giving out personal information to people impersonating police or government officials. While she called a person’s Social Security number the "key" to all other information pertaining to a person, the truth is very little information is required to steal an identity. E. Hunt Burke, president of Burke and Herbert Bank and Trust Company, said his bank deals regularly with such cases.

"The thing we see the most is people taking advantage of the elderly customers" Burke said. He also cited phone and e-mail scams as the preferred method thieves use when dealing with seniors.

In the case of a customer who has become a recent victim of identity theft, Burke and Herbert Bank has a 24-hour phone line to call into and will immediately freeze an account when identity theft is reported. The bank also provides secure e-mail accounts to their customers for sensitive information.

There is very little in the way of "too much" when it comes to protecting your identity, said Burke.

"Every week there’s a new technology or scam. I saw stainless steel wallets the other day and thought that was silly, but people really do have devices in their pockets that can read the [credit] cards in your wallet," he said.

Polhemus said as long as a victim is diligent in keeping track of their credit reports and notify the police and creditors within 60 days of the theft, the amount of damage and liability will be drastically curbed. Wait too long, and a person may double or triple the amount of time spent clearing his or her name. Victims may even be on the hook for some of the costs.

"If you open up a bank statement, look at it and see fraud, call the bank. They will take care of you," said Polhemus. "If you know you’re busy or the statement is depressing you and you throw it in the drawer, you are responsible for paying for it. You’re on the hook for that money."

Because fraud and identity crimes rely heavily on rapidly changing technology, state and federal laws are still catching up to the practices being put in place by the criminals they’re hunting.

Using information taken from a mailbox in Virginia, a thief can run up bills in Georgia, Wisconsin, California or any other state. That severely hampers the ability of investigators at the county level, like Polhemus, from pursuing all but the most serious and costly identity crimes.

"Our criteria, the things that we look at before we investigate a case of identity theft, is, first off, do we have a Fairfax County resident without money? Then we look at likelihood of successful prosecution," he said. "We could subpoena records and find out who was making those calls, but we’re not going to extradite him from Georgia."

Nealy said credit agencies should face tougher fines and regulations when their databanks of personal information are lost or stolen. "If there was a requirement for third-parties to have certain protocols in place, that’s really going to hold these companies accountable for information," she said.

Monday, October 13, 2008

Technology in Finance

Posted by Mark Brousseau

Accounting is the top treasury function that is supported well by technology, according to Treasury & Risk’s annual financial leadership survey. Sixty-percent of the roughly 500 treasurers, controllers, CFOs and other senior financial executives who responded to the survey identified accounting as the area where technology is delivering positive results, followed by account reconciliation (50 percent), cash flow forecasting (34 percent), and business performance management (33 percent).

Conversely, 52 percent of those responding to the survey said cash flow forecasting was a function that needed better support by technology. Business performance management (47 percent), accounting (45 percent), account reconciliation (41 percent), and risk management (40 percent) were among the other functions where respondents thought technology could provide better support.

Overall, 53 percent of the financial leaders responding to the survey thought their company could do better when it came to encouraging innovation and independent thinking.

Monday, October 6, 2008

Utility Webinar Q & A

By Mark Brousseau

Last week, TAWPI’s Payments Capture & Clearing (PCC) Council and Purepay Receivables Automation hosted a Webinar on the business case for image-based remittance solutions in the utility industry. The Webinar included a case study presentation by Omaha Public Power District (OPPD), a Purepay remittance software user. There were so many questions at the end of the Webinar, that there wasn’t enough time to answer them all. So, below are the responses to the Webinar questions.

Are you able to save queries?

Tim Vasquez, Omaha Public Power District: We save our own queries in Access.

How much does the software cost?

Doug Myers, Purepay Receivables Automation: Software is based on the type of transport that it runs on, much like the CPU based pricing for the core product, and this is pretty standard across the industry and then there might be some additional modules that are specially priced based on particular capability rather then on size of transport.

How many hours are your employees spending each day now on processing your items in the utility?

Tim Vasquez: Processing on our peak days in the week takes about 6 hours total for the two processors to complete. About 4-5 hours on off-peak days for one processor.

What forms of electronic presentment and payment does OPPD offer to their customers?

Tim Vasquez: We have a very large base of customers who use our own automatic bill payment that’s about 25 to 30 percent of our customers, we get another 10 percent who use our online system or pay from an online banking system. Many of our companies will pay us by EDI or an ACH transaction. We also offer credit card payment and in-person payments to make up for the rest of that percentage to get us to that 41 percent for mail.

What does EDI stand for?

Tim Vasquez: Electronic Data Interchange; it’s used typically to send extra data (such as account numbers) along with an ACH payment.

What forms of electronic presentment and payment does OPPD offer to their customers?

Tim Vasquez: We offer Web, IVR and the auto debit program. In addition, we have electronic payment links to most major payment groups (Checkfree, Online Resources, etc.)

How long do you hold your paper items prior to destruction?

Tim Vasquez: I believe the bank requires you to hold them for 5 days. I’d check with your bank on those things specifically. We went for as much room as we could hold; most people recommended that to us as we were doing vendor evaluations. We can hold about 5 weeks of data and we destroy it internally ourselves.

Do you have walk in sites that take payments? And does this application interface with those sites?

Tim Vasquez: We have about 20 locations throughout our service territory where anybody can walk in and take a payment with an OPPD logo on it. We have OPPD software running there. Then we get those checks down at our location. If had wanted to make the investment of putting that image piece out of those offices, then we would be able to interface directly. But it seems easier for us to ship the check down to us for processing.

How do you handle keying check only payments regarding quality? - For example, double keying, etc.

Tim Vasquez: We interface with our CIS system for check only payments of that type. If it’s just check only batches that are being deposited, we use the control total to ensure the items haven’t been double keyed. If its for the account number, we return an amount from our CIS showing us what amt is due from that customer, so it gives someone an item to balance against just like it’s a regular transaction, we are assuming that the bill coming was for the amt the customer owed and then if the check does not equal that amt it presents it back to the operator like Amanda showed, showing whether you want to adjust the stub or adjust the check amount. The system can be configured to double key amounts if required.

Did OPPD ever use lockbox? There are several doing this, what would you suggest to those companies?

Tim Vasquez: We use a lockbox for deposit of our high dollar amounts. They receive the mail earlier and deposit earlier. We still process the items afterwards. We have had several people approach us to take over our processing. I think this is part of the challenge we are talking about to make sure we are competitive with that cost.

We feel that we have something to offer to that product, it’s not just a commodity we just want to use payments process. Those are our customers, they are our contacts and that’s our business life blood. We want to own that responsibility for those payments, get them posted and have the control and the ability to research when a customer calls in. We take that stuff seriously and so before you answer to us I really suggest to you that to evaluate this system, no one is going to let me talk about a specific price, but the pricing on this type of system is worth your while to look into.

I have heard companies had issues handling bill-pay payments. How did you address this issue within your organization?

Tim Vasquez: We did our bill pay; we’ve used two different groups for our bill pay. We had a lot of internal interfacing expertise. Certainly all payment processing is all about balancing, are you batching, and are you real time; if your real time, do you have a method of dealing with returns. My preferred method as an accountant, I want to batch, I want to know it’s in balance before I post anything and I want to see it posted in my bank account that same day. A big component of that when I get a chance to put in an interface for a system I ask to batch, I want to see a total and I want to see it in a bank the same day before I post payment. That’s how I would suggest doing it.

Who are you using for your web and phone payments and do they integrate directly to the other accounts receivable file you receive on other payments?

Tim Vasquez: We put Purepay systems through our regular interface for payments. Basically anytime you have a payment interface you’re going to be creating some type of flat file that goes through your interface system. It’s really not complicated. A long time ago when we started developing our interface systems for a RCIS system, we said lets make a standard flat file that’s easy to get your hands around and is simple to explain to a vendor, so that no matter what payment style we go after whether it’s a Check Free, Princeton, or; there are so many of those types of organizations that wanted to be send a very simplistic flat file format, this is my flat file format, this is what I need you to be able to create and if they can’t create it, they have the expertise in-house to create that type of simple flat file.

I know this payment type is decreasing, but what percentage of total payments are in-person?

Tim Vasquez: We actually have quite a contingent of walk-in payments. We have 10 percent of our customer base walk into our customer office through the past 10 years; really an un-phased group. Then we have an additionally 4 percent who walk in to our payment agent locations. Certainly we service a pretty good geographical region that covers rural and urban and a pretty good demographic of young to old. Those payment styles, I think Mark had mentioned, just because they are declining doesn’t mean that they are really going away. People are their payments, and they will pay the way that they prefer and we don’t discourage or encourage from any particular site location.

Does the software automatically convert each check to check 21 or does it also convert some checks to ARC?

Amanda Hales, Purepay Receivables Automation: It can do both. If you have purchased both modules it can do the decisioning for you for both. It will automatically decision if its ACH flow or should be Check 21.

Tim Vasquez: We went with the opinion of doing Check 21 just because we have so many banks within such a close geographic location. Once we deposited to 3 banks we were getting a pretty favourable flow schedule without ARC’ing, we felt it was a cost benefit for us to just go all Check 21.

Who were some of the vendors/how many vendors did you consider when you went through the process of choosing Purepay?

Tim Vasquez: I had considered 10 different vendors. Having not cleared who I can say and who I can’t say; I’ll say that I had considered all of the major players, and it was only after looking at what was out there and available that I decide to look at some of the smaller software providers who I didn’t know as well. It really all started with a walk through the TAWPI showroom, just seeing what equipment was available and who were the venders that were in play who I thought would be around for the next 5 years. Then I went to 10 of those people.

Can you explain a little about why you might not want to go with "all electronic" from day 1 if you had it to do over again as you mentioned in your intro?

Tim Vasquez: You really need to work through your banking relationship to figure out what their timeline is for electronic payment deposit. I was surprised afterwards that most banks say you have to be live and then follow this schedule for this number of weeks before we will accept an electronic deposit for you. And because of a very strong good relationship within our own geographic region with our banking group, I set the schedule for one of my banks who then adhered to it are getting a lot of props from me as far as being someone who was on my side during implementation.

Most banks you’ll find though when you start talking, find out what their schedule is for electronic deposit. See what you can do about the schedule and how you can still operate in your own environment while waiting for the electronic deposit piece to come up. Probably now if I had to do it over again I would get my bank to commit to letting me send from a remote site, set up the equipment in that remote site, go through the testing from that remote site, by remote site I would mean my vendor’s location, so that when it comes to I’m ready to electronic deposit when my vendor is ready to send.

Are you using RDC for the walk-in payments?

Tim Vasquez: We do capture walk-in payment checks using RP$ for deposit.

Which is cheaper ARC or Image Exchange?

Tim Vasquez: That’s what you want to check with your bank on, make then commit to what the pricing is going to be for Image Exchange in all types and ARC in all types. Make them commit in writing to you before you go forward on what’s your best solution. We had to run the scenario with the types of transactions we thought we would get from our history and got our banks to commit to what the pricing was. And then our learning afterwards was make sure you go back and make sure you are getting that price, because there is a lot goes into electronic deposit. You want to look at those analysis payments and make sure you are hitting that target price they said they would give you.

Is there a need for scanning letter size documents along with checks?

Tim Vasquez: Purepay has a solution for that. If the company was paying me with a check/stub attached and had data that I wanted to capture. I started using that check/stub as my stub and I would just enter data from there so I can capture that image. I decided not to go with a full length page just because there wasn’t enough volume for us to justify trying to put in that solution. Though, Purepay did offer me a solution for our volume that we had.

How do you handle Image Quality problems?

Tim Vasquez: The bank will notify you with the image that doesn’t pass their quality check. It is not a large volume, most of the time the ones you’re going to have returned are the ones where customers have used the ‘Gel’ pens that don’t show up on the image. We get probably one or two of these that we deal with daily during the peak and probably two for the rest of the week. So I say we get probably a handful every week that we have to deal with. That’s why the bank requires you to keep them for whatever the number of days. I think the bank requires 2 weeks or 5 days. That their time to get back to you and tell you these items didn’t clear your image quality, you go back and pull them out and then you deposit them in a paper form. We have a courier that still delivers office deposits for us, so we utilize that courier at that time.

How do you send the remote deposit file to your bank?

Tim Vasquez: Each bank has different guidelines for sending. We use the secure web site for one and SFTP for another.

Does your software do Remittance Amount Recognition? Meaning if the amount is hand written and not in the scanline.

Amanda Hales: We can use ICR (Intelligent Character Recognition) to read a hand written amount on the document. Yes.

In this solution, is there a need for redaction - stripping/removing personal/confidential information before transmitting?

Tim Vasquez: We had to do this a little bit with our credit card payments. We didn’t want the credit card number to be really captured anywhere on our system, almost period. And so during the software configuring you want to store with your payments and whatever it is you want to send from your payments. We also went through with the different banks that we were dealing with the different types of encryption that we would use for the data that would get sent.

What is your item per paid labor hour throughput (IPH)?

Tim Vasquez: Our throughput per machine is around 1,000-1,400 per hour depending on the operator.

Are you sending an X9.37 image file to your banks? Also, how do you determine what bank receives what deposit? Does Purepay allow you to select what bank account to deposit prior to running the deposit?

Tim Vasquez: We are sending tailored x9.37 files to the bank. Each bank has their own customizations required of the x9.37 file. OPPD determines what bank to deposit based upon the ABA number of the check being deposited, but the determination is customizable.

Amanda Hales: The deposit accounts can be setup in the application to be dynamic. You can setup multiple deposit accounts based on criteria in the scanline, etc.

Wednesday, October 1, 2008

System Configuration Pitfalls

By Mark Brousseau

What is the most common mistake billers make when configuring a new remittance system? Looking at the solution with too limited of a scope, says Bob Balotsky ( of Houston-based US Dataworks, Inc.

“Billers may think that they are expanding their horizons by implementing a new system with advanced features and functionality,” said Balotsky, citing exceptions handling and data entry tools as two examples. “But that is not enough. Automating remittance payments that come through the mail, although valuable, doesn’t address the other ways payments are made to an organization.”

Balotsky tells me that organizations need to look beyond the remittance silo and develop an enterprise-wide payment strategy. Only then can an organization take full advantage of the available payment clearing alternatives. “In order to truly maximize organizational efficiencies, billers must take a higher-level, enterprise-wide approach,” Balotsky said.

Yolanda Sanchez (, product manager at US Dataworks, adds that when configuring a remittance system, especially an enterprise payments solution, billers want to be sure to consider the different types of transactions that were previously in different departments, and now will be coming together: “You need to consider the total throughput.” Similarly, billers need to be sure their new solution supports emerging payment types.

Sanchez also warns billers not to fall into the trap of having a new solution replicate the tasks of a legacy system, simply because the organization is familiar with those processes. “Be sure you understand how the new system can be configured to make processes more efficient, or in some cases, eliminated,” Sanchez said. “You need to get past the mental roadblock of, ‘We’ve always done it this way.’” What do you think? Post your comments below.