Sunday, February 22, 2009

School Revamps Computer Security

Posted by Mark Brousseau

An interesting item from this week's Palm Beach Post:

UF to revamp computer security systems after second breach
By KIMBERLY MILLER

Palm Beach Post Staff Writer
Thursday, February 19, 2009

The University of Florida is revamping its computer security systems following the second breach in less than a year that has left the personal information of thousands of students, faculty and staff vulnerable.

The Gainesville school announced Thursday that a hacker broke into its "Grove" computer system, which contained information, including social security numbers, for more than 97,200 people.

In June, 11,300 students and alumni were told that their personal information had been posted online and available to the public for several years.

School officials said in both cases that they have no proof personal information was taken from the sites.

"We know someone was in there, we don't know why they were in there and we don't know what they were doing there," said UF spokeswoman Janine Sikes, about the most recent incident. "We are stepping up our vigilance even more knowing that we've had these breaches."

The recent break-in was discovered Jan. 14 during a routine audit of the system. The program was immediately shut down and university police were notified.

Letters alerting people to the breach were mailed Wednesday.

Sikes said there was a delay in notification because it took two weeks to do the computer forensic work to see whose information may have been compromised. Preparing letters for more than 97,200 people and setting up a call center took another two weeks.

The information that may have been illegally accessed includes that of anyone who used the Grove computer system between 1996 and 2009.

About 3,075 Palm Beach County students attend UF. Another 412 are Martin County residents, and 345 hail from St. Lucie County.

The Grove system provided an online location for faculty to post course materials and class information. It also supported one of the few free e-mail services available on campus.

To verify identification, the system required students to enter their UF identification number, which until 2003 was also their social security number. Faculty records housed on the system also included student UF identification numbers.

Sikes said the system has now been retired.

University officials believe part of the reason for their vulnerability is that the school operates on a decentralized system where computer capabilities differ by college and department.

"We are moving ahead to centralize information technology functions so that we can create consistent approaches to security," Sikes said.

Sunday, February 15, 2009

More Fed Layoffs

Posted by Mark Brousseau

An item from Saturday's Baltimore Sun:

The Federal Reserve Bank of Richmond said 55 employees in Baltimore will be laid off because the Fed is shutting down the check-processing operations in April.

The move is part of a consolidation of nearly two dozen check-processing facilities into four initially announced in 2007 as paper check volumes declined due to the increase of credit and debit card payments. Since that time, paper check volume has continued to fall, resulting in the Federal Reserve Bank of Cleveland serving as the single paper check processing site by the end of 2009.

Wednesday, February 11, 2009

Cost Reduction Driving Solutions Sales

By Mark Brousseau

The current economy is creating additional impetus for expense reduction and service improvement, says Bob Lund (rlund@egisticsinc.com), chairman and CEO of Dallas-based eGistics, Inc., and vice chairman of the TAWPI Board of Directors.

“Every solution that you are going to install has to have a cost reduction element associated with it,” Lund told me. “Increasing functionality without improving productivity isn’t going to get you there.”

What do you think? Post your comment below.

Chicago Fed Cutting Ops Jobs

Posted by Mark Brousseau

This article from the Chicago Tribune is a sign of things to come:

Chicago Fed to cut jobs at check-processing center; first 26 set for next month

By James P. Miller
Tribune reporter

February 9, 2009

A total of 26 employees of the Federal Reserve Bank of Chicago will lose their jobs next month, as the nation's central bank continues to respond to the dramatic falloff in the use of paper checks by cutting back its once extensive network of check-processing faciliities.

In the latest State of Illinois 'WARN" list of employers who have notified workers of impending large-scale layoffs, all of the 97 jobs at the Federal Reserve's Chicago check-processing center in southwest suburban Bedford Park are listed for elimination beginning in March.

But a spokesman for the Chicago Fed said only 26 jobs will be cut next month; the remaining 71 will remain active until at least the fourth quarter.

As recently as 2003, the Federal Reserve banking system had 45 full-service check-processing centers around the country. But credit cards continue to displace the use of paper checks, and at the same time regulatory changes have made it easier to present checks for payment as an electronic image rather than in physical form.

So, the U.S. Fed had halved processing centers by mid-2007, and late last year the central bank announced a plan to operate just one full-service paper-check processing center, in Cleveland, and one electronic-check processing center in Atlanta.

The other processing centers, including the Chicago-area site, will wind down under what the Fed has referred to as "a flexible restructuring schedule," which will lead to their closure "when paper check volumes no longer justify the existing operation."

The Chicago Fed's spokesman said it's not clear when the Chicago center will cease operations. In fact, he said, it is possible that the Chicago center will remain operative, with just a "handful" of employees printing substitute checks from images for the modest number of banks that require a physical check.

The Fed has said it will seek to reassign at least a portion of the workers, if other jobs are available.

The number of paper checks totaled 42 billion in 2001, but by 2006 (the last year for which Fed numbers are available) that number had dropped 29 percent to 30 billion.

Monday, February 9, 2009

Identity Theft Up, Costs Down

Posted by Mark Brousseau

An interesting article from The Washington Post on identity theft:


Survey: Identity theft up, but costs fall sharply
By CANDICE CHOI
The Associated Press
Monday, February 9, 2009; 7:54 AM


NEW YORK -- The number of Americans ensnared by identity theft is on the rise, but victims are striking back more quickly and limiting how much is stolen.

In 2008, the number of identity theft cases jumped 22 percent to 9.9 million, according to a study released Monday by Javelin Strategy & Research. The good news is that the cost per incident _ including unrecovered losses and legal fees _ fell 31 percent to $496.

One reason for the spike in cases is likely the worsening economy. Just last month, 598,000 jobs were slashed across the country and unemployment jumped to 7.6 percent.

"The short story is that criminals are getting more desperate," said Jim Van Dyke, spokesman for Javelin, which started tracking identity theft cases in 2003. Last year marked the first time the number of cases rose.

Crimes of opportunity, such as stolen wallets, were linked to 43 percent of cases last year, up from 33 percent in 2007. That might be why women were 26 percent more likely to be victims of identity theft; they reported more cases of lost or stolen information during in-store purchases.

Online access accounted for only 11 percent of cases, according to the survey.

Despite the growing number of victims, the total fraud amount edged up just 7 percent to $48 billion over the previous year. That's because victims are uncovering cases faster to limit losses. Another reason is that financial institutions are taking more steps to thwart thieves, according to the Javelin study.

For instance, more banks now send change of address confirmations to the original address, Van Dyke said.

This prevents identity thieves from rerouting mail to different addresses and delaying victims' awareness that their accounts are siphoned off.

The Javelin study also found identity theft went undetected longer and cost twice as much when victims knew their attackers. More than 10 percent of victims knew their identity thieves.

Despite the rise in cases, there are simple steps people can take to prevent becoming a victim.

To start, leave personal checks and Social Security cards at home and be aware of who's around when giving personal information in public.

Some types of ID theft aren't preventable, however. Someone could get your personal information by hacking into a retailer's database, for instance.

So even if you're careful about protecting your information, monitor financial accounts regularly.

"Identity fraud is all about prevention and detection," Van Dyke said.

Friday, February 6, 2009

RDC and Risk Management

By Mark Brousseau

On January 14, 2009, the FFIEC (Federal Financial Institution Examination Council) published long-awaited guidance on “Risk Management of Remote Deposit Capture.”

This guidance defines Remote Deposit Capture (RDC) as a “deposit transaction delivery system” rather than simply as a new service. It talks about RDC in terms of information received by a financial institution from checks sent electonically from remotely located businesses and individuals, as well as the financial institution’s branches, automated teller machines (ATMs), and domestic and foreign correspondents. However, it focuses primarily on RDC deployed at a customer location.

RDC introduces some new risks and increases some existing risks in processing deposits, says Kathy Levin, AAP, managing director, Payments Information Circle (404-478-3491, kathy.levin@paymentsinformation.com). Some financial institutions have begun offering the service without fully understanding the risks involved in RDC, she notes.

“The guidance addresses expectations for identifying, assessing and mitigating risk and discusses roles and responsibilities in implementing and operating RDC in a financial institution,” Levin told me. “It makes it clear that, as with any new payment delivery system offered, there should be no implementation of these services without management oversight, compliance/internal audit involvement and board approval.”

Levin adds that the guidance addresses the necessary elements of an RDC risk management program and provides strategic, credit/underwriting, vendor management, legal and compliance, fraud management, and operational and implementation direction for financial institutions. It also emphasizes the importance of adequate risk management at the remote locations, she says.

“Many financial institutions implemented RDC quickly and experienced rapid adoption of the service,” Levin says. “Some may need to go back and revise their policies and procedures to ensure they are in line with the new guidance.”

In addition to the suggestions contained within the guidance itself, Levin says financial institutions will need to utilize information contained in the FFIEC Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual, Interagency Guidance on Authentication in an Internet Banking Environment, Interagency Guidelines Establishing Information Security Standards, and sections of the FFIEC IT Examination Handbook, including the Information Security Booklet, the Management Booklet, the Outsourcing Technology Services Booklet, the Business Continuity Planning Booklet, and the Operations Booklet, to ensure compliance in specific areas.

For a copy of the new FFIEC guidance, visit http://www.ffiec.gov/pdf/pr011409_rdc_guidance.pdf.

Wednesday, February 4, 2009

Deposits Will Be Critical in 2009

By Mark Brousseau

There’s little question that we’ll see continued economic change and upheaval in 2009. But Michael Pratt, chief marketing officer, Panini North America, says remote deposit capture (RDC) solutions create an opportunity for financial institutions (FIs) to defend and even acquire the ever-important Demand Deposit Account (DDA) line of business.

With tightened credit markets and higher regulatory and market scrutiny, domestic deposits have become even more critical for FIs. McKinsey estimates that payments represented $235B in FI revenue in 2006, or 40-50 percent of an average bank’s revenue, Pratt notes. Revenue related to DDA is typically 45 percent of this base, or 18-22 percent of an average bank’s total revenue -- highlighting the significance of payments and deposits to a bank.

Economic conditions have increasingly made deposits the “benchmark” by which FI health is perceived in the market, Pratt says, and is the driver of their ability to continue to facilitate financial transactions. “We have already seen major acquisitions based primarily on access to domestic deposits, so the ability of FIs to capture deposits will be very instrumental to their success,” he explains.

“Deposit retention and acquisitions programs are central to the well being of DDA related income to all financial institutions, resulting in a renewed prioritization for remote deposit capture,” Pratt says. “Distributed capture, after all, is at its core a strategic means of acquiring deposits while lowering operational & processing costs.”

Banks that take maximum advantage of this opportunity to gain new deposits and solidify customer relationships via RDC stand to gain the high ground in the war for deposits, he concludes.

What do you think? Post your comments below.

Phones As Credit Cards?

Posted by Mark Brousseau

An interesting article from the New York Times on using phones as credit cards.

"Phones as Credit Cards? Americans Must Wait"
By Berlin, Leslie
New York Times (01/25/09) P. 4

Cell phone-based payment transactions are widely used in Japan, but the technology's adoption in the United States faces a number of hurdles. The various companies playing a role in the technology's rollout have yet to define standards and agree on a revenue-sharing model.

Also required is a mediator that both the financial institutions and the carriers can trust to activate the virtual credit cards inside the handhelds.

For retailers, the adoption of mobile-phone payments means a faster checkout process, while credit card companies would gain a new tool for attracting and retaining customers as well as save money otherwise spent mailing cards.

Equipping cell phones with virtual credit cards is a source of worry for some, given the propensity for phones to get lost or stolen. However, MasterCard Worldwide's Simon Pugh says one solution is for the consumer to call the bank to report the phone's loss and disable the account.

University of Massachusetts professor Kevin Fu is less concerned about the risk of account fraud from mobile payments than he is about privacy infringement. However, he is optimistic that in time virtual credit cards "will become one of the best ways to do mobile payments."

Tuesday, February 3, 2009

USPS Talking Points

By Mark Brousseau

The remittance space is buzzing about the Postmaster General's recent request to Congress to lift the requirement that the postal service deliver mail six days a week. There is concern from many corners about the potential impact this move would have on the industry.

To help head-off potential public relations issues, USPS prepared the Talking Points below for its staff to use when discussing the Postmaster General's plan. These were passed along by an industry observer.

RECOMMENDED TALKING AND MESSAGE POINTS
PMG TESTIMONY
UPDATED
29 JAN. 09; 2 P.M.


Confirm Testimony
Postmaster General Jack Potter testified Wednesday before a Senate subcommittee on the financial health of the Postal Service. His remarks were candid and he presented options for working our way through the current economic downturn. Potter stressed that the priority would be relief from the prepayment of retiree health benefits.

... Potter’s testimony has been posted on usps.com

Customers First
The Postal Service remains committed to providing the American people with quality, affordable service -- despite the current economic situation. Any decision made to help alleviate our financial situation starts with how it might affect our customers, the American people. We will continue to look at ways to cut costs and improve efficiencies within our system in order to guarantee to deliver the reliable, trusted service our customers have come to expect. In the past year the Postal Service has taken very aggressive cost-cutting actions, including the following:

... Halted construction of new postal facilities;
... Worked with National Association of Letter Carriers to permit a new interim agreement to enable quickly evaluating and adjusting letter carrier routes to reflect diminished volume;
... Frozen the salaries of all Postal Service officers and executives;
... Reducing authorized staffing levels at Postal headquarters by 15 percent;
... Reducing authorized staffing levels in the regional offices by 19 percent;
... Slashed travel and meeting budgets to take advantage of video conferencing technology; and,
... Consolidated some duplicative mail processing operations.

Health Care Relief a Priority
The Postal Service's first option is to restructure the prepayment of future retiree health care costs. We are the only government agency that is required to fully fund all projected retiree health care costs. Nonetheless, the Postal Service remains committed to meeting this obligation but a modified schedule of payments would allow the Postal Service to focus on current financial needs during this crisis. This change would neither increase the health benefit premiums paid by current or future Postal Service retirees, nor would it affect their benefits. Neither proposal would involve tax subsidies.

... Potter asked that the payment schedule for funding be adjusted.
... Modifying the schedule of payments would allow the Postal Service to focus on current financial needs during the economic crisis.
... This change would not increase the health benefit premiums paid by current or future Postal Service retirees.
... This proposal would not involve tax subsidies.

5 Day Delivery
Americans have come to trust and count on delivery six days a week. If the Postal Service is not allowed to postpone retiree health care benefits for at least the next two years, we would look at a temporary solution of limiting delivery to five days a week. This would come only during those periods of the year when mail volume is at its lowest and would be infrequent at best.

... This is a consideration only. No final decision has been made.
... We have no immediate plans to halt our current operating, processing or delivery procedures and systems.
... Our priority remains on working with Congress to change our contribution schedule for the retiree health benefit fund.
... No decisions have been made as to what day we may consider as the “non-delivery” day.
... Business will proceed as it always does. Service, delivery and, especially, work at BSNs continue as it is today.
... It is business as usual for the Postal Service.

What do you think of this? Post your comment below.

Thinking Outside the Box

By Mark Brousseau

The state of the economy has companies looking to optimize whatever solutions they have in place, according to Susan L. Terry (slterry@cds-global.com), director of business development, new markets and indirect channels, CDS Global, a leading provider of outsourced business solutions.

“Whether the optimization is in the form of supplier change, outsourcing, co-sourcing, service expansion or tighter integration with other phases of the supply chain, every opportunity for process efficiency is being reviewed,” Terry told me. “All options are on the table.”

Terry believes the pace of opportunity for outsourced services providers like CDS Global may slow down over the next 12 months, but the scope of opportunities will continue to grow. “As human beings, and as companies made up of human beings, our creativity is at its best when the status quo is removed,” Terry explained. “We are now managing our businesses in a state without status quo, which will enable creative approaches to solving business problems.”

What do you think? Post your comment below.

The Economic Upside

By Mark Brousseau

The current economic downturn has created a renewed focus on cash, and prudent cash management. And like any other economic situation, this trend has a downside and an upside when it comes to solutions sales in the payments space, says Wally Vogel, president of Toronto-based Purepay Receivables Automation (wvogel@pure-pay.com).

“We have seen mixed results in our customer base as a result of the new reality,” Vogel told me.

“One the downside, uncertainty is delaying projects and purchases,” Vogel said. “These deals are not dead by any means, but they are not moving ahead either.” Vogel calls this ‘purchase paralysis.’ “The delays we are seeing now are moving out sales that we have spent months developing. It is frustrating to have them stall as they near the finish line.”

Not only does this stymie payments solutions providers like Purepay, it also frustrates the organizations that can’t do anything but maintain the status quo, Vogel noted.

But there is an upside to the current economic situation. Vogel says Purepay is seeing some of its clients take advantage of the current environment to improve their technology infrastructure and gain a competitive advantage over their more conservative peers. “These clients are reducing costs, expanding their service offerings, and winning business,” he said.

“With the primary goal of prudent cash management, automating and enhancing the payment processing technology platform, and expanding rather than contracting business, is an effective way to achieve positive results,” Vogel said. “Organizations that invest in their payments infrastructure now are on an upward vector and will grow and thrive, despite the economy.”

As for the rest of 2009, Vogel expects to see even more of a stratification of the winners and losers in the payments space, and an increased focus by users on offerings that deliver immediate benefits. “Any investment of capital will be, and should be scrutinized to ensure that there is a solid business case, clear costs savings, and that it creates a competitive advantage,” Vogel said.

What do you think? Post your comment below.