Tuesday, November 30, 2004

P2P - Purchase to Pay Process

Processing financial supply-chain (FSC) transactions is a burden carried by all businesses. However, the size of this burden varies considerably from business to business and varies irrespective of business type or business sector.
Why is this?
Why is it that two businesses buying similar products from the same vendor/supplier arrive at two very different cost models for processing what would appear to be very similar financial transactions? And why is it that the perception of risk is so different that these two businesses will have widely different control and authorisation processes?

What aspects of their purchase-to-pay (P2P) process are so different that those businesses that operate the most cost-effective world-class P2P processes are able to process a purchase order (PO) through to settlement for one tenth of the cost incurred by other businesses? (Refer to DIEBOLD awarded with Excellence)

A guideline cost for a European business to process a PO through to payment using reasonably manual processes is around €32 (£22). The same PO, if processed automatically, would cost less than €3 (£2), about one tenth of the cost of a manual PO.

Businesses that operate world-class P2P processes manage to process transactions faster, with much greater efficiency and at a lower cost, and also achieve higher levels of transaction quality than most other businesses. What are the key attributes of their process model that enable them to achieve such dramatically different results? A number of these attributes are discussed within this paper.

Five Technologies that will Change Banking

Banks are among the biggest spenders on technology. The amount of spend is a source of pride for some institutions, but it is the extent to which they are spenders on technology rather than investors in technology that we should bring into question.
It is not uncommon for banks to spend upwards of 80 per cent of their IT budgets on the replacement of legacy systems and regulatory compliance. It can be a struggle in this environment to drive innovation and bring new services to market, especially for smaller institutions.

There are a few technologies that can help business managers and product managers take their innovations forward and de-risk products that customers can find really convenient to use. Let us look at these technologies and how they can affect the product thinking of banks.

SWIFTNet. The interbank communications network has just been upgraded to use Internet Protocols, a plumbing improvement that should enable the development of new real time/interactive services. But just as pre-broadband slowed to a crawl between the exchange and the home, so the promise of SWIFTNet needs to overcome the barrier between the bank's SWIFT Alliance Gateway and its banking applications, many of which are still batch processors. Interactivity needs to reach deeper into the heart of the banking system.

Web Services. Integration between disparate systems remains a stubbornly complex, time-consuming task 10 years after the first vendor thought it would be a bright idea to use 'plug and play' and 'seamless integration' in the marketing brochure. EAI, bus topology, subscribe return and adaptors are old technology jargon that has found its grave.
Vendors stubbornly repeat these promises despite all evidence to the contrary - perhaps because their clients want to believe in them so much. The vendor and client are seamlessly integrated in a consensual delusion. Web Services are the latest attempt to solve the integration issue and who knows? They might just work.

One example is RSS feeds, which have changed the way content can be delivered to the desktop of an individual interested visitor. I acknowledge that XML is also taking its toll, like my previous posting on the usage of the IFX protocol by POS and ATM manufacturers for evolving the next version of their products, which talk to BASE24 from ACI - a back-end transaction processing platform.

Mobile Phones. The mobile phone is the payment instrument of the future. Banks only handed out plastic cards because they could be carried everywhere and stuck into machines. People now reach for their mobiles before reaching for their wallets. Looking at the Simpay initiative from Vodafone, T-Mobile and others or the FeliCa mobile wallet from NTT DoCoMo it is not hard to imagine a day when your mobile account becomes your bank account, or when banks start to issue mobiles in preference to thin plastic rectangles.

Another example is the use of Bluetooth technology in ATMs. You are standing in the queue, with a distance of 10 men and women between you and the ATM. With your Bluetooth-enabled cell phone, you can talk to the Bluetooth-enabled ATM and perform your transaction request while in the queue.

The moment you insert your card, bingo ... you have your cash, card and receipt all together and are on your way to the car. Tests are going on for such things and more, such as an offline ATM storing your transaction history to suggest a new product or a repeated cash amount from your preferred account, with a display of the last five transactions before you press "CANCEL".

Open Source Development. Banks face a huge host of problems, some of which are particular to an individual bank but most of which are common issues across all institutions. If airlines operated in the same way as banks, they would all be building their own aircraft and trying to compete with each other that way. Proprietary solutions to common problems are not the way of the future. A community approach to applications development would support standardisation, which is what clients want, and reduce total cost of ownership, which is what bank shareholders want. It is in line with SWIFTNET and REUTERS, which are the common treasury weapons used by practically all treasuries. Their other gizmos are BLOOMBERG terminals to view their marketplace in a colorful way. I call all of them high-end "UTILITY Computing platforms". I hope IBMers and HPs are watching the same writings as I.

Unified Modelling Language (UML). No matter how development is undertaken - open source or otherwise - the biggest challenge in any IT project is the prosaic matter of requirements management. The yawning gap between what the business wants and what the project team thought the business wanted is all the more pressing now that so much development work is done offshore. Structured modelling techniques such as UML can bridge the divide - any business person wringing their hands at the latest project delay or cost overrun should get themselves on a course ASAP.

There are a number of new technologies that hold great promise - endless possibilities and opportunities. The extent to which banks can explore and exploit these opportunities will be given by the degree to which they can embrace common solutions for common problems. This will free up time wasted on the maintenance of proprietary legacy solutions and enable institutions to be earlier adopters of new technology.

Monday, November 29, 2004

New face of ATM (Automated Teller Machine)

“IFX” -- not just another bank computer acronym to file and forget – it’s the key to integrating the ATM channel with Internet banking, the call center and the rest of the enterprise.

The ATM industry is undergoing the most significant transformation in its history, Stephen Risto, director, ATM Software Center of Expertise, NCR, said during a Wednesday afternoon session. Potential changes involve a richer set of functions, open standards, response to Check 21, regulatory compliance, relationship marketing, personalization and enterprise integration.

Every component of the software stack on an ATM is in flux at this moment, Risto said. “There’s strong industry consensus on the primary technologies for ATMs for the next five to 10 years.”

Those include the Windows operating system, the SNMP protocol that carries detailed information about the health of the machine, the TCP/IP communication protocol that enables integration with the rest of the bank, and client-server architecture that enables the full applications needed to provide customers with the services they want on today’s ATMs.

Among the most notable is IFX, or “Interactive Financial eXchange,” a business messaging standard developed by the financial industry and technology providers. It is vendor-independent, eliminating proprietary formats. Most important, IFX can be used by multiple channels.

For customers, that means consistent services and branding across channels and a consistent user interface. For the bank, it means a common infrastructure that enables re-use of applications, tools, and staff skills across channels.

George Throckmorton, senior marketing manager, ACI Worldwide, Sandston, Virginia, said there is no deviation from the standard among vendors so far. The standard is developed and protected through an organizational structure that includes a board of directors, steering and architecture committees and working groups that focus on specific applications such as electronic bill presentation and payment, business banking, credit application processing, insurance, ATMs, point of sale and branch and Web services.

First National Bank of Omaha, which has more than 350 ATMs and customers in all 50 states, plans to start obtaining the benefits early in 2005. Scott McCormack, director of Self-Service Banking, said the company started its migration to IFX in late 2001 as part of complying with requirements for Triple DES encryption and accommodation of customers with disabilities.

Retail Delivery '04 wrap-up

One can see a fake volcano, faux Eiffel Tower, phony pyramid and other unreal objects on a quick tour of Las Vegas, the city that has elevated artificiality into an art form.

But inside the Las Vegas Convention Center, it was the real deal for attendees of last week's BAI Retail Delivery Conference and Expo. They were wowed by some of today's latest and greatest financial self-service technology.

Not quite ready for Triple DES? Vendors want to help. Front and center in the KAL booth was the software developer's upgrade kit, which includes a Triple DES-compliant EPP (encrypting PIN pad) and processor, along with KAL's multi-vendor Kalignite NDC application.

Triton showed an upgrade kit that will essentially transform its legacy 9500 into a 9100, its popular entry-level ATM, at a price point that Triton President Brian Kett called "very, very attractive."

Thales was promoting a trade-up program that offers a 25 percent discount off its HSM 8000 host security module, along with one year of free support and maintenance and two days of free training, for ATM operators trading in their Atalla A10000E unit. The Thales HSM processes 800 transactions per second, compared to 540 tps for the Atalla model.

The skinny on software: Wincor Nixdorf has four German customers running thin client ATM applications, rather than the usual fat client, on some 15,000 ATMs. In a thin client environment, applications are updated on a server rather than the ATM itself, making it simpler and less expensive to manage a network, said Scott Hackl, vice president of Wincor's Banking Solutions USA.

Counting on coins: mCom demonstrated its Darwin software, which allows financial institutions to update content at kiosks, ATMs and other devices using a browser-based control panel, with a child-oriented coin-counting application.

An animated parrot named Penny invites kids to dump their coins into a counter, which dispenses an itemized receipt they can exchange for cash at the teller window. Two FIs that have installed the counters have seen lobby traffic "go through the roof," said Dan Stechow, mCom's chief operating officer.




Service for sale? Rumor has it that a large third-party service company may be pondering a sale to an ATM vendor looking to beef up its service infrastructure in the United States.

And then there were… Two transaction processors -- practically the only independents left after the Royal Bank of Scotland purchased Lynk Systems in September -- are reportedly talking to potential buyers as well.

Serve the customer: Wachovia spent a whopping $100 million to improve customer service following its 2000 merger with First Union. "You cannot sell enough product to make up the loss from customer attrition," said G. Kennedy Thompson, Wachovia's chairman, president and chief executive officer. The investment paid off; attrition levels have fallen from 20 percent in 2000 to 10.5 percent today.

Fire his hairdresser: A Donald Trump impersonator, wearing what looked like an orange fright wig, entertained attendees several times a day in Fiserv's booth.

Intriguing interface: Diebold showed a concept ATM that utilized a dial-like device called a haptic user interface, rather than a keypad, for PIN entry. One could enter PINs and select transactions by twirling the dial, then pressing a button that felt a bit like a computer mouse. The device would eliminate shoulder surfing and provide a more intuitive interface for users with disabilities, said Jim Block, Diebold's director of advanced technology.



While I had trouble entering my PIN, I was not weaned on electronic games -- not so the next generation of ATM users.

Free of fees: Thanks to both Diebold and Triton for offering surcharge-free ATMs in the exhibit hall. The machine in my hotel lobby charged $3, which was more than this frugal user wanted to pay. Bill Jackson, Triton's chief technical officer, said some $7,000 was dispensed from his company's machine, which used cellular technology rather than a traditional phone line for connectivity.

Persistence pays: Trusted Security Solutions is adding a persistent key component to its A98 Initial Key Establishment System that will allow the first half of a cryptographic key to be injected into an ATM either at the factory or during installation. Then a single service technician can visit the machine to inject the second half of the key.

The method is less costly and more secure than the usual practice of dispatching two technicians with key components to ATMs, said Dennis Abraham, the company's president.

Checks and balances: Vero, a company founded by retail ATM pioneer Dave Grano, is introducing an automated check cashing solution designed to help FIs move non-customers cashing checks away from the teller line. A teller enrolls the user in the system; thereafter the user can cash his checks at an ATM equipped with an image scanner.

Vero will install its first system at a branch of California's Palm Desert National Bank in December. PDNB also plans to make the product available to its vault cash clients, primarily ISOs who may be interested in offering it to retailers.

CashWorks has grown its check cashing customer base to some 3,000 locations since it began offering the service at two new terminals that totally automate the process. Previously, a clerk or other party had to initiate the process at a point-of-sale terminal.

Will Sowell, the company's general manager, said CashWorks also plans to target FIs, many of whom are interested in attracting new customers that currently do not have bank accounts. Check cashing offers a way to get those potential customers into a bank branch, Sowell said.

Another newcomer, Financial Payments, demonstrated its automated check cashing service in both the Tidel and Tranax booths. Brent Turner, the company's chief operating officer, said Financial Payments offers users the ability to load their funds onto a prepaid debit card that can be activated right at the ATM/kiosk.

Entry level ATMs: Both NCR and Diebold debuted ATMs designed to be the most compact and cost effective members of their flagship product lines. In NCR's case, the Personas 62 replaces its EasyPoint 55 and EasyPoint 57. Diebold's Opteva 500 supplants its CashSource Plus 200 and CashSource Plus 400. The new models, unlike those they displaced, feature full-blown PC processors.



ATM service, the movie: Bank employees or other folks performing first-line ATM service on Diebold ATMs can view step-by-step video instructions on procedures such as clearing paper jams on the service screen in the rear of its machines.

Facing down fraud: Several vendors, including Wincor Nixdorf, NCR and Diebold, demonstrated devices designed to thwart both card skimming and card trap schemes at ATMs. An idea that would be extremely simple and inexpensive to implement, seen in NCR's booth, was a screen graphic with text that read: "If the ATM card reader does not look like this, do not use it."

Easy integration: A TRM executive attending the show said the conversion of 17,000 ATM contracts it purchased from eFunds Corporation will likely be one of the simplest in industry history. "They were on eFunds yesterday, and they'll be on eFunds tomorrow," he said, noting that eFunds will continue to provide transaction processing and other services for five years.

Learning curve: Panelists in a session entitled "Check 21: From Compliance to ROI" agreed that the industry needs to address several issues related to check imaging, including the quality of images. One panelist noted that while quality has improved, it remains far from perfect.

"We're not out of the woods yet," he said, noting that his institution experienced problems with checks that featured a graphic of an American flag - a popular style with patriotic customers.

Site surveys: Both MapInfo and Claritas offer services that they say will help FIs pinpoint the best new locations for ATMs (and bank branches) by analyzing such factors as household incomes of area residents and proximity to existing ATMs.

Bill Harvey, vice president of Claritas' National Accounts Group, said Claritas can drill down into data to, for instance, pinpoint differences between daytime and night time populations. "You might have a large workforce population during the day that wouldn't be there at night, which is something that you'd want to know."

POS product: Level Four, which markets simulation tools for ATMs, introduced a similar product for POS terminals. The simulator allows users to test any kind of transaction, online or offline, initiated with either magnetic stripe or chip cards. Jorge Fernandez, president of Level Four Americas, called the new product a "natural step," noting that many FIs operate both ATM and POS networks.

Real-time review: A new product called Transaction Surveillance, demonstrated by software developer Integrated Research, will help clients determine the causes of failed or declined transactions in real-time, by allowing them to analyze transactions by acquirer, issuer and other factors, using a browser-based interface. Integrated Research's clients include switches like Fiserv and Concord EFS, as well as FIs like Wells Fargo and Citibank.

On with a different show? Several major ATM manufacturers, reportedly dissatisfied with the cost of exhibiting and the limited exposure to new prospects at large shows like Retail Delivery, are quietly trying to recruit other companies to participate in an entity that would present a series of smaller regional trade shows. The new group would, in theory, give smaller companies more equitable representation on the exhibit floor, according to a software vendor familiar with the proposal.

Friday, November 26, 2004

Today is Sikh Guru Nanak Jayanti


Today is Guru Nanak Jayanti. Guru Nanak was influenced by Hindu, Muslim and Sufi philosophy of India.

The founder of the Sikh religion, Guru Nanak was born on April 15, 1469 in the Western Punjab village of Talwandi. He was born to a simple Hindu family. His father Mehta Kalian Das was an accountant in the employment of the local Muslim authorities. From an early age Guru Nanak made friends with both Hindu and Muslim children and was very inquisitive about the meaning of life. At the age of six he was sent to the village school teacher for schooling in reading and writing in Hindi and mathematics. He was then schooled in the study of Muslim literature and learned Persian and Arabic. He was an unusually gifted child who learned quickly and often questioned his teachers. At age 13 it was time for Guru Nanak to be invested with the sacred thread according to the traditional Hindu custom. At the ceremony, which was attended by family and friends, and to the disappointment of his family, Guru Nanak refused to accept the sacred cotton thread from the Hindu priest. He sang the following poem:

"Let mercy be the cotton, contentment the thread, Continence the knot and truth the twist. O priest! If you have such a thread, Do give it to me. It'll not wear out, nor get soiled, nor burnt, nor lost. Says Nanak, blessed are those who go about wearing such a thread" (Rag Asa)

Early one morning, accompanied by Mardana, Guru Nanak went to the river Bain for his bath. After plunging into the river, Guru Nanak did not surface and it was reported that he must have drowned. The villagers searched everywhere, but there was no trace of him. Guru Nanak was in holy communion with God. The Lord God revealed himself to Guru Nanak and enlightened him. In praise of the Lord, Guru Nanak uttered:

"There is but One God, His name is Truth, He is the Creator, He fears none, he is without hate, He never dies, He is beyond the cycle of births and death, He is self illuminated, He is realized by the kindness of the True Guru. He was True in the beginning, He was True when the ages commenced and has ever been True, He is also True now." (Japji)

"Let God's grace be the mosque, and devotion the prayer mat. Let the Quran be the good conduct. Let modesty be compassion, good manners fasting, you should be a Muslim the like of this. Let good deeds be your Kaaba and truth be your mentor. Your Kalma be your creed and prayer, God would then vindicate your honour." (Majh)

Thus having spread the words of reform throughout his lifetime, Guru Nanak successfully challenged and questioned the existing religious tenets and laid the foundations of Sikhism.

German railway on track with Linux migration

The company responsible for managing the German railway system is partway through migrating its servers to Linux, and expects to have more than 300 Linux servers in operation by the end of 2004, as part of a cost-saving initiative.

Deutsche Bahn (DB), which manages the German railway system, is moving from an infrastructure based on IBM Mainframes, and Solaris, Windows and HP Non-Stop servers, to a standardised infrastructure primarily based on Linux running on Intel servers and mainframes.

Detlef Exner, the managing director of DB Systems, said the company decided to move to Linux as part of a short-term plan to cut costs. The migration to the open-source operating system is due to be completed in 2006 or 2007.

"DB Systems has major targets to reduce costs and increase the service levels," said Exner. "One of the main strategies to achieve this is to implement Linux."

But not all applications are due to be migrated as the decision has primarily been made for cost rather than technical or strategic reasons, according to Exner.

"If we wanted to transfer everything to Linux it would cost a lot of money. We are interested in saving money in the short term -- over the next two to three years -- not over 10 years."

Applications will only be migrated if there is a business reason. Applications which would require extensive rewrites, or for which the company has recently purchased a Solaris machine, are less likely to be migrated, said Exner.

Exner said it is initially migrating applications which are available on multiple platforms, such as Lotus Notes, SAP and HP Non-Stop applications.

It has migrated some of its email servers from Solaris running z/OS to Linux, so an estimated half of its 55,000 Lotus Notes users are now being served by a Linux server. This migration is due to be completed at the end of the year as its z/OS licence is due to run out on 1 January, 2005.

DB is also migrating parts of its SAP system from Solaris to Linux, and started transferring all HP Non-Stop applications to Linux at the start of October.

Exner was unable to say how much DB would save with these migrations, but said the expected cost savings are higher when migrating from a mainframe or HP environment, than when migrating from a Solaris or Windows platform.

"The transfer of HP Non-Stop applications will result in a major cost reduction," said Exner. "Last year we compared the costs of our major platforms -- IBM Mainframe, HP Non-Stop Server, Solaris server and Windows server -- with Linux. We found out that Solaris and Windows server are quite expensive, while mainframe computing and HP are much more expensive."

Later this year DB is due to start migrating its Adabas databases and its Web server technologies -- JBoss, Tomcat, Apache and Weblogic -- from Solaris to Linux. This transfer will be finished next year.

DB has chosen to use a combination of Red Hat and SuSE Linux, as it is not obvious which is really leading the market, said Exner.

"We chose to use both as the market is not really clear -- we didn't want to back ourselves into a corner," said Exner. "Red Hat has a strong market in the US, and SuSE has backing of Novell. The market is not very clear so we wanted to be independent."

Before moving to Linux, DB set up a standardised environment for both Red Hat and SuSE Linux on both the Intel and mainframe platform to make the systems easier to install and maintain. This set-up has not only reduced the time it takes to install and maintain the servers, but has also given the company flexibility in service levels, as applications can be shifted from an Intel server to a mainframe depending on the system resources required.

"It takes three hours to set up a Linux server, while in the past it took up to three weeks -- due to standardisation," said Exner. "Also, we can easily shift applications from an Intel server to a mainframe -- we can therefore decide on the service level, if we want a high service level we use the mainframe."

As for future plans, DB may move to Linux on the desktop in the future, but nothing has been decided yet. "We expect to make a decision in the next year -- we will see if it is profitable," said Exner. "We currently have about 55,000 desktops."

Thursday, November 25, 2004

Wisdom - The Three Fold ways of Buddhism

The aim of all Buddhist practices, including meditation, is prajna, or wisdom. The Buddha taught that the fundamental cause of human difficulties is our existential ignorance - our failure to understand the true nature of reality - and wisdom is the opposite of this.

To start with, we simply need to hear the teachings that indicate the Buddhist vision of life. Then we need to reflect on them and make sense of them in relation to our own experience. But prajna proper means developing our own direct understanding of the truth. It is not enough to know the Buddha's philosophy, or even to have a good understanding of it. The ultimate aim is to realise the truth for oneself and to be transformed by that realisation.

The Buddha taught that life - everything we experience - has three characteristics. He called these the three marks of conditioned existence. Firstly he said that all life is dukkha, or unsatisfactory. He also said that it is impermanent. Everything in the universe, including ourselves and the thoughts that make up our minds, is in a constant process of change. And yet we act as if the world around us is predictable and stable, and we live our lives as if death were not a certainty. Buddhists reflect on the fact of impermanence, and try to live with this understanding. Thirdly, wherever we may look in life for something solid and unchanging, we only find flux. So he said that all existence is anatta or insubstantial. There is no fixed, abiding essence to things, and no eternal soul within human beings.

A person who is wise in the Buddhist sense will naturally see life in terms of these qualities or marks, and prajna means setting aside the pleasing illusions that we adopt to make life comfortable, and living more and more on the basis of these truths. A full comprehension that nothing lasts, or has any fixed substance, has an utterly transformative effect. This also means that everything in life is interconnected: no individual is entirely separate from other individuals, and humanity is not separate from the world it inhabits. From this naturally arises compassion, or universal loving-kindness, which is the counterpart of wisdom.

Meditation - The Three Fold ways

There are many things in life that are beyond our control. However, it is possible to take responsibility for and to change one’s state of mind. According to Buddhism this is the most important thing we can do, and Buddhism teaches that it is the only real antidote to the anxiety, hatred, discontentedness, sleepiness, and confusion that beset the human condition.

Meditation is a means of transforming the mind. Buddhist meditation practices are techniques that encourage and develop concentration, clarity, and emotional positivity. By engaging with a particular meditation practice one learns the patterns and habits of the mind, and the practice offers a means to cultivate new, more positive ways of being. With discipline and patience these calm and focused states of mind can deepen into profoundly tranquil and energised states of mind. Such experiences can have a transformative effect and can lead to a new understanding of life.

Over the millennia countless meditation practices have been developed in the Buddhist tradition. All of them may be described as 'mind-trainings', but they take many different approaches. The foundation of all of them, however, is the cultivation of a calm and positive state of mind.

Each year thousands of people learn meditation with the FWBO. They learn two basic meditations that develop these qualities: the Mindfulness of Breathing and Loving-Kindness meditation or Mettabhavana.

ETHICS - the threefold way

Another formulation of the path is the Threefold Way of ethics, meditation, and wisdom. This is a progressive path, as ethics and a clear conscience provide an indispensable basis for meditation, and meditation is the ground on which wisdom can develop.

Ethics

To live is to act, and our actions can have either harmful or beneficial consequences for ourselves and others. Buddhist ethics is concerned with the principles and practices that help one to act in ways that help rather than harm.

The core ethical code is known as the five precepts. These are not rules or commandments, but 'principles of training', which are undertaken freely and put into practice with intelligence and sensitivity. The Buddhist tradition acknowledges that life is complex and throws up many difficulties, and it does not suggest that there is a single course of action that will be right in all circumstances. Indeed, rather than speaking of actions being right or wrong, Buddhism speaks of them being skilful (kusala) or unskilful (akusala). The Five Precepts are as follows:

1. Not killing or causing harm to other living beings. This is the fundamental ethical principle for Buddhism, and all the other precepts are elaborations of this. The precept implies acting non-violently wherever possible, and many Buddhists are vegetarian for this reason. The positive counterpart of this precept is love.

2. Not taking the not-given. Stealing is an obvious way in which one can harm others. One can also take advantage of people, exploit them or manipulate them - all these can be seen as ways of taking the not-given. The positive counterpart of this precept is generosity.

3. Avoiding sexual misconduct. This precept has been interpreted in many ways over time, but essentially it means not causing harm to oneself or others in the area of sexual activity. The positive counterpart of this precept is contentment.

4. Avoiding false speech. Speech is the crucial element in our relations with others, and yet language is a slippery medium, and we often deceive ourselves or others without even realising that this is what we are doing. Truthfulness, the positive counterpart of this precept, is therefore essential in an ethical life. But truthfulness is not enough, and in another list of precepts (the ten precepts or the ten kusala dharmas) no fewer than four speech precepts are mentioned, the others enjoining that our speech should be kindly, helpful, and harmonious.

5. Abstaining from drink and drugs that cloud the mind. The positive counterpart of this precept is mindfulness, or awareness. Mindfulness is a fundamental quality to be developed on the Buddha's path, and experience shows that taking intoxicating drink or drugs tends to run directly counter to this.


The Four Noble Truths in Buddhism

The Four Aryan (or Noble) Truths are perhaps the most basic formulation of the Buddha's teaching. They are expressed as follows:

1. All existence is dukkha. This word has been variously translated as 'suffering', 'anguish', 'pain', or 'unsatisfactoriness'. The Buddha's insight was that our lives are a struggle, and we do not find ultimate happiness or satisfaction in anything we experience. This is the problem of existence.

2. The cause of dukkha is craving. The natural human tendency is to blame our difficulties on things outside ourselves. But the Buddha says that their actual root is to be found in the mind itself. In particular our tendency to grasp at things (or alternatively to push them away) places us fundamentally at odds with the way life really is.

3. The cessation of dukkha comes with the cessation of craving. As we are the ultimate cause of our difficulties, we are also the solution. We cannot change the things that happen to us, but we can change our responses.

4. There is a path that leads from dukkha. Although the Buddha throws responsibility back on to the individual, he also taught methods through which we can change ourselves. One formulation of these methods is known as the Noble Eightfold Path of right view, aspiration, action, speech, livelihood, effort, mindfulness, and meditation.

Dealing with Fear

We suffer and come across fear in our day-to-day life. Some fears are not worth remembering, but some create dangerous patterns in our mind. I went searching for a root-cause analysis and hit upon a systematic explanation of fear and how it can be managed.

An excerpt of the posting on the THARPA website is given below. Click here to read the full-length analysis.

According to Buddhism, there is unhealthy fear and healthy fear.

For example, when we are afraid of something that cannot actually harm us - such as spiders - or something we can do nothing to avoid - such as old age or being struck down with smallpox or being run over by a truck - then our fear is unhealthy, for it serves only to make us unhappy and paralyze our will.

On the other hand, when someone gives up smoking because they are afraid of developing lung cancer, this is a healthy fear because the danger is real and there are constructive steps they can take to avoid it.

We have many fears - fear of terrorism, fear of death, fear of being separated from people we love, fear of losing control, fear of commitment, fear of failure, fear of rejection, fear of losing our job, the list is never-ending!

Many of our present fears are rooted in what Buddha identified as "delusions" - distorted ways of looking at ourself and the world around us. If we learn to control our mind, and reduce and eventually eliminate these delusions, the source of all our fear - healthy and unhealthy - is eradicated.

However, right now we need the healthy fear that arises from taking stock of our present situation so that we can resolve to do something about it. For example, there is no point in a smoker being scared of dying of lung cancer unless there is something that he or she can or will do about it, i.e. stop smoking.

If a smoker has a sufficient fear of dying of lung cancer, he or she will take steps to kick the habit. If he prefers to ignore the danger of lung cancer, he will continue to create the causes of future suffering, living in denial and effectively giving up control.

Just as a smoker is vulnerable to lung cancer due to cigarettes, it is true that at the moment we are vulnerable to danger and harm, we are vulnerable to ageing, sickness, and eventually death, all due to our being trapped in samsara — the state of uncontrolled existence that is a reflection of our own uncontrolled minds.

We are vulnerable to all the mental and physical pain that arises from an uncontrolled mind - such as the pains that come from the delusions of attachment, anger, and ignorance. We can choose to live in denial of this and thereby give up what control we have, or we can choose to recognize this vulnerability, recognize that we are in danger, and then find a way to avert the danger by removing the actual causes of all fear (the equivalent of the cigarettes) - the delusions and negative, unskillful actions motivated by those delusions. In this way we gain control, and if we are in control we have no cause for fear.

A balanced fear of our delusions and the suffering to which they inevitably give rise is therefore healthy because it serves to motivate constructive action to avoid a real danger. We only need fear as an impetus until we have removed the causes of our vulnerability through finding spiritual, inner refuge and gradually training the mind.

Once we have done this, we are fearless because we no longer have anything that can harm us, like a Foe Destroyer (someone who has attained liberation, defeated the foe of the delusions) or a Buddha (a fully enlightened being). All Buddha's teachings are methods to overcome the delusions, the source of all fears. For an introduction to these teachings, see Transform Your Life.

Wednesday, November 24, 2004

If - Rudyard Kipling

If you can keep your head when all about you
Are losing theirs and blaming it on you;

If you can trust yourself when all men doubt you,
But make allowance for their doubting too;

If you can wait and not be tired by waiting,
Or, being lied about, don't deal in lies,
Or, being hated, don't give way to hating,
And yet don't look too good, nor talk too wise;

If you can dream - and not make dreams your master;
If you can think - and not make thoughts your aim;

If you can meet with triumph and disaster
And treat those two imposters just the same;

If you can bear to hear the truth you've spoken
Twisted by knaves to make a trap for fools,
Or watch the things you gave your life to broken,
And stoop and build 'em up with worn-out tools;

If you can make one heap of all your winnings
And risk it on one turn of pitch-and-toss,
And lose, and start again at your beginnings
And never breathe a word about your loss;

If you can force your heart and nerve and sinew
To serve your turn long after they are gone,
And so hold on when there is nothing in you
Except the Will which says to them: "Hold on";

If you can talk with crowds and keep your virtue,
Or walk with kings - nor lose the common touch;

If neither foes nor loving friends can hurt you;
If all men count with you, but none too much;

If you can fill the unforgiving minute
With sixty seconds' worth of distance run -
Yours is the Earth and everything that's in it,
And - which is more - you'll be a Man, my son!

Tuesday, November 23, 2004

The Weakest Security Link of Security Architecture

I have always admired the aspect of technology in the hands of a few. Large IT operations always have the problem of delegation versus control. For better response to IT users, IT administrators are given a freer hand, but the darker side of more authority is showing up at the perimeter of the organisation.

PC Magazine and Gartner have started researching and cautioning CIOs and CSOs about strengthening the weakest link. Decision makers already find it difficult to balance the cost of enhancing security against the increase in revenue contributed by such security investment. They are now hard pressed by one more important aspect, which almost all security architectures have ignored.

What’s the weakest link in your network security infrastructure: your firewalls, antivirus systems, telecommuter PC, road-warrior notebooks? Here’s a hint: Go look in the mirror. Most security experts agree that a clever hacker can penetrate almost any network simply by asking the right users for the right information. Using a variety of manipulative techniques—together known as social engineering—that exploit a human being’s natural desire to trust and help others, or to gain something for nothing, hackers can learn user names, passwords, and other information that allows them to penetrate networks—even those secured with the most advanced technology.

If you find this hard to believe, take a look at the sidebar “Five Tricks Hackers Use on You” and consider how you might respond in such situations. But the techniques explained there are only a few of the hundreds hackers use to gain valuable information.

In fact, hackers can gain a lot of information without talking to anyone, simply by surfing company Web sites for executive titles, financial information, organizational charts, and employee e-mail addresses and phone numbers. They can also sift through company trash for org charts, employee directories, system and application manuals, marketing plans, memos, company letterhead, human resources manuals, financial printouts, and procedure/policy manuals. Hackers use this information to gain the trust of others through phone calls and e-mails, often masquerading as an employee, customer, or consultant and convincing employees to provide information that can, little by little, get them into company LANs.

The techniques for eliciting information from staffers are similar to those used in any con. They include

• overwhelming the target employee with lots of different information and strange questions or using strange and confusing arguments that make it difficult to process what is happening;

• helping the target with some technical problem, possibly one that the hacker has created. This is often called reverse social engineering;

• making statements that elicit strong emotions or using intimidation tactics;

• in the case of resistance, yielding on one or more small points. After a while the target often feels he must yield to other requests in return;

• sharing information and technology over time without asking for anything in return—at least not at the moment. When it comes time for the hacker to request information, the target feels he must reciprocate;

• pretending to have the same interests as the target, perhaps through information gained in user groups;

• pretending that the target can help a fellow employee fulfill an important commitment that employee has made;

• maintaining a seemingly innocent, friendly relationship with the target during which the hacker learns, bit by bit, company jargon and the names of key employees, servers, and applications.

Remember that a very large percentage of security breaches originate internally from disgruntled employees or from nonemployees—such as consultants, partners, and so forth—who have system access. People rarely question the actions of insiders.

Of course, social engineering doesn’t target only companies. The same techniques are also used against individuals to gain personal information such as credit card numbers, user names, and passwords for accessing popular e-commerce sites. One common technique is phishing, which uses a combination of e-mail messages and fake Web sites to convince users they are dealing with a major company.

If you still have doubts about the efficacy of social engineering, take a lesson from the best. Kevin Mitnick, the notorious late-20th-century hacking superstar, has said again and again that he penetrated networks much more easily by manipulating people than by technology.

The truth is that most companies spend a lot more money and resources tackling security with technology than with people. But most products and technologies are not designed to protect against social engineering. So what do you do?

You should approach the problem from two angles: protecting the physical spaces that are commonly penetrated, such as offices, dumpsters, and Web sites, and protecting users through clear policies and ongoing education.

Physical security is the easier part. Here are some important tips, many of which overlap physical security and policy.

• Make sure all employees and visitors wear identification badges. Require that visitors be escorted to their destinations.

• Determine which documents must be kept locked away at all times and which require shredding on disposal.

• Keep your dumpsters in secure, locked, and monitored locations.

• Make sure that all systems, including client PCs, are protected by strong passwords that change frequently. Implement and enforce screensaver passwords that take effect after a few minutes of idle time.

• Encrypt files stored on hard drives that contain confidential information.

• Avoid posting too much information on your public Web site.

Policy and training are harder. Employees may not understand the value of the information they give away. They must be educated continually on how to respond to unknown people requesting information, and they need to be aware of how easily they can be manipulated.

One of the best ways to give employees insight is to hold a training session and before it begins, use social engineering techniques to elicit confidential information from them. Then have the teacher amuse the class by telling them what she or he learned and from whom.

You need to draw up clear policies on what type of information should not be divulged under any circumstances. Seemingly simple tidbits, such as a server name, organizational structure info, or company jargon, can be invaluable to a hacker. Your policies should spell out clear rules for information access, setting up the physical security and safeguards outlined above. Make sure there are clear penalties for violating those policies. It’s much easier for employees to refuse to divulge information if the policy is clearly spelled out.

Tools for fighting social engineering are rare, but content filtering and antispam products, such as MailFrontier Matador, can be configured to detect signs of fraudulent e-mails or to prevent employees from giving away sensitive information. Matador in particular uses a number of patented techniques to detect phishing and other suspicious e-mails.

Fighting social engineering is a continuous battle in which the attackers find clever ways around existing safeguards. It’s important to keep up with the new tactics social engineers use and to implement policies to stop them quickly. And keep reminding employees that they are the true corporate firewall.

3 Musketeers' Glass - Indian Economy 2010

As posted in ASIA MONEY's article - November 2004.

India is growing strong and has the potential to become one of the world's most vibrant economies. But the country still faces challenges: rampant poverty, a burgeoning budget deficit and a new government. Asiamoney asked three Indian experts - a leading CFO, a fund manager and an investment banker - about the recent elections, reforms and the future of India and its capital markets.

  • Amit Chandra (AC), joint managing director, DSP Merrill Lynch.
  • Arindam Bhattacharjee (AB), fund manager, Emerging Markets Management.
  • Mohandas Pai (MP), chief financial officer at Infosys.

What are the major themes in India's financial markets?

MP: The one major issue that people are talking about is the movement of interest rates. They have bottomed out and could move up despite having adequate liquidity in the market place. The key issue with...rates is what corporates should do if and when they move. Second is consumer demand and growth and what India's growth rate will be for the next four to five years. It could be 7 per cent to 8 per cent p.a. for the next five years (We_d_living: As per C K Prahalad, Research Professor at Michigan Ross University, USA - 10-10 is the success formula for India, i.e. 10% must be the growth of India) and people are excited and discussing expansion plans for industries like the steel and metals, construction, pharmaceuticals, automobiles, heavy engineering, textiles and the IT industry, where the global market is opened up. Also, everyone agrees that India needs to invest more in infrastructure.

AB: The big issues are: will the new government continue and/or accelerate the economic reform programme and peace initiatives with Pakistan followed by the previous government. And secondly, how quickly will we see interest rates reverse. Finally, after a sharp revival in economic growth led by agricultural production and manufacturing growth, will we see a repeat or a return to 4-6 per cent growth rate?

AC: While the long-term story of strong growth and returns seems to be intact, over a short- to medium-term perspective, the market is being overshadowed by the volatility in flows to emerging markets, the high crude prices and rising inflation, developments in China, and the issue of [the] introduction of turnover tax.

After the elections, there were hundreds of millions of dollars of redemptions by foreign investors out of the Indian stock market. How did this affect the market and has the situation improved? Did you sell down your Indian positions following the elections - have you since re-invested those funds in India?

AC: The stock market did see a sharp 20 per cent plus correction post the elections on the back of a sell-off by both domestic and international investors. However, I don't think the sell-off is something to be over concerned with considering the fact that the Indian markets had nearly doubled over the previous 18 months and that most emerging markets were also under pressure since the beginning of the year, driven by the change in global flows. The situation since then has improved and markets have risen more than 10 per cent from their lows as investors realise that reforms are going to continue and economic growth is expected to remain in the 7-8 per cent range.

AB: The post-election sell-off seemed a bit premature and [a] reversal of the 'froth' that had built up in the markets thanks to a number of new hedge funds and global funds gaining exposure in India. The market has stabilized but remains one of the worst performing emerging markets year to date. We did not sell down our holdings although we have not increased our exposure either.

The government has made an about-face on its privatization policies - what impact is this having on investor sentiment? Does this matter when trying to attract foreign capital?

AB: It is a major negative for attracting foreign capital into India. The government has also slammed the door shut on a significant source for financing its budget deficit (running at close to 10 per cent on an aggregate level, i.e. including [the] states) since it is unlikely to be able to make any concessions on the expenditure side. If economic growth slows this year, affecting tax collection, they could truly regret this decision based on pressure from the Left Front.

MP: The impact has been slightly negative on investors. It is important for foreign investors because the major issue facing India is infrastructure and the government has to invest. They are unfortunately running up a fiscal deficit of 9 per cent of GDP and it could be unsustainable. They need to sell public-sector holdings and use [the money] for infrastructure. Dismantling the public sector creates better efficiencies in the economy - just [as it has] in telecommunications. Oil and gas needs more competition and some areas of manufacturing need momentum for growth. These are two big areas that are important for investors, both in India and abroad.

AC: The new government's policy on privatization has largely impacted the valuations of public-sector companies. However, I believe that the fears are overdone since the government has, through the proposed NTPC offering, already signalled their desire to continue to pursue the sale through [the] capital market route, which was the preferred route even for the previous government. Undoubtedly, India would attract a lot more capital, especially FDI, if privatization through strategic sales were permitted. However, it is very difficult for any government to ignore the political reality and the common man today prefers that the government retain control of most public-sector enterprises. Perhaps we need to wait for the benefits of the past strategic sales to become a lot more evident before the opposition to such sales reduces.

Inflation is hovering around 6 per cent, which is creating negative bond yields. Is this harmful to the development of the bond market - or just part of an economic process?

MP: Inflation is 5.5 per cent to 6 per cent, manufacturing inflation is 5 per cent and fuel inflation is in double digits. It is harmful as savers want positive interest rates. The problem is the financial system is very rigid. Corporate lending rates are between 10 per cent and 11 per cent with 5-6 per cent for the top corporates. There is a gap - prime lending is 10 per cent but companies that are AAA [rated can borrow] at 5-6 per cent - the top [companies] are getting cheap money. Non-prime borrowers and savers are not getting prime interest rates. This is happening because the bond market pays 5.8 per cent for a 10-year bond and regulations require 25 per cent of total deposits to be invested in government bonds. For banks, if they put 25 per cent in government bonds and another 20 per cent goes to prime borrowers at low interest rates, more than 50 per cent, including cash, needs to be lent at high interest rates.

AB: This is a temporary phenomenon. We are likely to see a steepening of the yield curve shortly as the market factors in higher borrowing requirements from the government. The budget provides very ambitious revenue collection targets that are unlikely to be met.

AC: The long-term target for inflation is closer to 5 per cent and it is likely that inflation will soon peak and then commence a reversal over the rest of the fiscal year. I think the markets are reacting normally to the inflation data, showing that the Indian debt markets are reasonably vibrant. Real yields would only have been more negative if the government were to permit greater flows of foreign capital into domestic debt instruments, so perhaps the policies are actually helping achieve a balanced approach.

What capital-raising trends are you seeing for Indian corporates? What is the most vibrant source of funding?

AB: The domestic capital markets. The larger corporates will gain access to other sources of financing - structured deals as they try to grow through acquisitions overseas.

AC: Indian companies are getting capacity constrained and therefore need for capital is increasing. Most companies are coming off a cycle wherein they operated with minimal leverage and, therefore, the preference is for tapping debt sources in the first round. A few companies are looking at raising equity, however these are really in the minority.

MP: The equity market is vibrant but it needs scale and size. There will be IPOs from telecom companies and if they want to do well, companies have to be attractive. The financial system is flush with funds and [there is] $25bn of short term surplus parked with the central bank. There are no borrowers in the market as the corporate sector is very liquid because they are trying to pay back high-cost loans taken out four to five years ago. The debt equity ratio for the entire corporate sector has come down as profits have been good for the last three years.

The rupee has come off of a long run of appreciation and actually depreciated in recent weeks. How is this affecting Indian corporates who do business in US dollars? How does this affect equity investors in India?

AB: Most exporters were worried about the rupee appreciation and should be happier. However, a number of companies have converted rupee loans into dollar loans - a small percentage of them have left these positions open expecting the rupee to appreciate further. [It] might be a shock to them but do not expect [the] rupee depreciation to be significant [enough] from here to cause a shock to the system. Equity investors are unlikely to be affected much.

MP: The 5 per cent appreciation in the last fortnight of March 2004 made people nervous. It does have implications across the economy and a lot of people are getting hurt. But now the rupee is depreciating and creating better confidence in business to be globally competitive. If the currency appreciates 8-9 per cent, it will hurt the manufacturing and export sectors. The impact on equity investors follows. For foreign investors who calculate returns in dollars, a stronger rupee obviously helps.

AC: If you carefully look at the rupee/dollar chart, all that has happened is that a spike in the rupee has corrected and the markets seem to be heading back towards the secular trend that we have witnessed over the past many years. Most Indian exporters are thrilled with the reversal since the sharp appreciation had put a lot of pressure on their margins and also put them at a disadvantage vis a vis competitive countries, particularly China. Equity investors do not seem to be over-perturbed... since they are much more focused on the underlying fundamentals of the stock market. The movements would have impacted debt markets a lot more, but considering the limited exposure on account of caps and other restrictions, we have seen minimal implications.

Now that the budget has been announced, what are your views on how the government is going to reduce the deficit and liberalize the economy? Are they on the right track?

MP: The previous government had a very good approach to opening up the economy but needed to focus more on the social sectors. The government has to look after the poorer citizens of India because without them participating in the liberalization process, the economy will not grow. The new government has said that they will focus on healthcare, education, agriculture and infrastructure. The government can do more and we need greater investment. The deficit has come down. The government can reduce the deficit further by focusing on tax reforms and downsizing the public sector. But the coalition government works under constraints. Within the constraints the budget is a good one as it enhances investment in the social sector and on infrastructure.

AC: The budget is clearly a positive surprise. It's a strong signal that this government has the will and desire to continue to pursue reforms, encourage investment (particularly FDI), and bring down the deficit. Given the severe limitation of time that the government was dealing with, I think the big bang reforms will actually follow in the coming budgets.

What effect will the introduction of a value-added tax have on the economy? What are the pros and cons?

AC: VAT is actually a win-win for the government and the Indian industry. VAT will help remove the internal barriers in the domestic markets, thereby facilitating more efficient flow of goods and services. At the same time, recent experiments have shown that [the] introduction of VAT can actually help raise revenue and help plug leakages that exist within the system.

AB: The introduction of VAT and [its] proper implementation will likely result in a much larger collection of taxes. The tax to GDP ratio in India is in single digits - lower than most other economies in Asia. Proper implementation, though, will be the challenge and the state governments will have to play along. Otherwise, it will not work.

MP: This is a positive - India has about 30 states and five union territories, with each having its own tax structure and borrowings. India is not a seamless national market but a market with multiple state taxes and restrictions on free movement of goods. VAT will bring in a single market and lower the tax base for many corporations because the VAT mean rate will be lower than what they are paying now and will also stop leakages in the system.

The ceilings for FDI in certain industries such as telecommunications, insurance and aviation have been raised. How important is this development to the economy and to the development of these industries? What is the long-term outcome?

AC: This is a very welcome move. Enhanced FDI will help spur investment in these critical segments, which are much needed to spur economic development and employment creation. Importantly, by enhancing FDI in these 'holy' sectors, the government is giving a strong signal that, despite all the opposition, [it] is willing to do what is right from a longer-term perspective.

AB: This was a much-needed relief for these sectors to obtain foreign funding and help them meet their growth objectives - a positive development that will hopefully attract increased FDI.

MP: It is positive because sectors such as telecoms require huge investment. By June 2004, there were 85 million phone lines for fixed and mobile, but by December 2006 India is expected to have 150 million lines. People are looking at doubling the total number of lines and this requires very heavy investment. It also requires accessing capital from all sources and liberalizing the investment cap to give companies in these sectors access to more capital. This move is a positive for these industries. The long-term outcome will be a bigger market, better services and lower costs to consumers.

What changes would you like to see made to the economic reform programme? Where is the government failing to implement positive policy changes?

AB: I would like to see the reduction of subsidies in agriculture, power-sector reforms, acceleration in the pace of infrastructure development, including ports, roads, airports etc, and the reduction of duties/import barriers. [Then there's] infrastructure development and getting private capital to flow into sectors like power, roads etc. There's been no progress on the electricity reform act, and it remains to be seen what happens. States are going back to their old ways - distribution of free power! Oil companies are being forced to carry the burden of subsidies and this creates a bad precedent for investing in government-owned companies.

MP: We need more spending on social initiatives. Every Indian should have access to education and health. The government should intervene more for infrastructure development so more foreign local investors can freely come in with private capital for everything from the airport sector to executing road and telecom projects. We need more economic freedom... with further relaxations in regulations. We need policies for the creation of a national market. We need further disinvestments for the public sector to foster competition. We need a freer land market to enable housing to grow. Further change is required in areas like the tourism sector, the aviation sector, the oil sector and areas of infrastructure. The issue is the pace of change and reform and not the direction of reform.

AC: The need of the hour is rapid simplification of the tax and legal code to enhance efficiency, reduce leakages, and result in voluntary improvements in compliance levels. There needs to be a reorientation of subsidies towards the weaker sections of society and elimination of those subsidies that are inefficient. Finally, there needs to be a continued emphasis on infrastructure development and this government needs to build on some of the good work done by the previous government. I think the government recognizes all these needs.

What changes would you like to see in the Indian market that would promise more flows of foreign investment money into the equity markets?

AC: The move to eliminate long-term capital gains tax and reduce short-term tax to just 10 per cent in lieu of the 0.15 per cent turnover tax is a very welcome move for foreign portfolio investors. Further simplification of [the] foreign investor registration process will help attract more investors. Over the longer term, I think flows will follow the success of Indian companies and as long as corporates continue to make good progress...they will continue to attract greater flows.

Is India's economic development too reliant on foreign capital? How important is domestic investment?

MP: No, India's economic development has not been reliant on foreign capital. The one area where large capital has come in is in portfolio investment. Domestic investment is important as India has a savings rate of over 25 per cent of GDP. We get $4bn to $5bn of FDI and $12bn from foreign institutional investors. But the major dominant source of money is the domestic market, and it is growing. The Indian financial market, with banking, insurance, the stock market and the government bond market, is valued at $1.2tn, thus there is a lot of money in India. The key is the cost of capital and efficiency of its use. Companies can today go abroad to raise capital cheaper. Even though the domestic market is viable, if you want to raise $2bn to $3bn, the local market cannot sustain it.

AC: Domestic capital flow, particularly into equity, is a big concern. Equity holdings of the average household are less than a measly 4 per cent of assets. With real interest rates being close to zero, investors will continue to get pushed towards equity markets over time, however a lot more needs to be done to pull them towards the market. The government needs to proactively encourage the development of domestic institutional investors such as mutual funds and banks. That, combined with the capital tax breaks now available to all investors, will spur greater flows over the long term.

Monday, November 22, 2004

Social Engg: Cybercriminals are infiltrating companies

The Financial Services Authority has warned that criminal gangs are increasingly placing people in companies to steal data and aid cybercrime attacks.
Criminals are attempting to plant insiders in companies to help them to commit financial and cyber crimes, experts warned on Friday. According to a report published by the Financial Services Authority, this activity is set to rise and businesses need to vet potential staff more carefully before employing them.

"Hackers and fraudsters are refining and improving their techniques as we speak," said Philip Robinson, financial crime sector leader at the FSA. "Firms will have to run to stand still if they are to protect their assets and those of their customers. The major banks tend to have strong defences in place, but there is no room for complacency and criminals will seek to exploit vulnerable points where they can find them, including in other sectors or smaller firms."

The FSA said that while larger enterprises had built defences to protect against hacking threats, small to medium-sized businesses were likely to suffer through lack of preparation.

The report, called Countering Financial Crime Risks in Information Security, found that firms had suffered few financial losses through cybercrime, but that they could be doing more to prevent attacks. It also recommended that managers take responsibility for securing data and examining current attack trends.

"Consumers must take steps to prevent attacks from fraudsters, by taking care when disclosing their personal details or following the security tips offered by their online banking service," said Robinson.

The FSA said that businesses aren't spending enough on security, which includes a failure to spend enough on modifying legacy systems to improve their security. It also criticised companies for failing to build relations with government bodies, which it said were working to reduce financial crime. The report reviewed 18 UK firms.

Sunday, November 21, 2004

Sarbanes Oxley (SOX) Simplified

  • Sarbanes-Oxley is a US law passed in 2002 to strengthen corporate governance and restore investor confidence. The Act was sponsored by US Senator Paul Sarbanes and US Representative Michael Oxley.
  • The law was passed in response to a number of major corporate and accounting scandals involving prominent companies in the United States. These scandals resulted in a loss of public trust in accounting and reporting practices.
  • The legislation is wide ranging and establishes new or enhanced standards for all US public company Boards, Management, and public accounting firms.
  • The law contains 11 titles, or sections, ranging from additional Corporate Board responsibilities to criminal penalties. It requires the Securities and Exchange Commission (SEC) to implement rulings on requirements to comply with the new law.

What does Sarbanes Oxley Address?

  • Establishes new standards for Corporate Boards and Audit Committees
  • Establishes new accountability standards and criminal penalties for Corporate Management
  • Establishes new independence standards for External Auditors
  • Establishes a Public Company Accounting Oversight Board (PCAOB) under the Securities and Exchange Commission (SEC) to oversee public accounting firms and issue accounting standards

Saturday, November 20, 2004

eBay on Process Improvement and User Orientation

Fresh for the new year, eBay plans an overhaul of its "Item Not Received" process, which could have important ramifications for buyers and sellers on its service.

Scheduled for January, the e-commerce giant plans to implement a set of product and policy changes that it hopes will create a simple and straightforward process for starting buyer-seller discussions on disputed transactions (and ideally, resolving them.) But the plan also could reduce the number of superfluous complaints.

The company said on its announcements page that the enhancements are designed to "take the mystery out of what to do when the buyer has not received an item or has received an item that is significantly different from what was described in the listing."

eBay added that under the present system, merchants and buyers alike may not be certain of what to do when such a problem arises -- which can lead to lost goodwill and negative Feedback postings.

Accordingly, the company said its changes would help both parties understand what actions to take if a disputed transaction occurs.

Under the planned system, buyers will be able to begin a discussion with sellers from within their My eBay screens. eBay said the system would walk buyers through the process, providing tips and highlighting next steps to take.

The My eBay page also will feature a new Dispute Console, which will list ongoing problems, helping buyers and sellers track their status. This also will apply to Unpaid Item problems. eBay also said it would promote education for new buyers, to ensure they're familiar with the processes to resolve disputes.

The system also will enforce a seven-day "waiting period" before a seller can initiate a dispute. Ideally, this can cut down on problems by ensuring that buyers have time to learn about standard delivery times and other processes related to eBay transactions.

On the other hand, eBay also is reducing the amount of time necessary for buyers to wait before filing an official claim through eBay's Standard Purchase Protection Program. Under the current system, a customer must wait 30 days before filing a complaint. The new system would cut that time to 17 days.

The changes also more closely integrate eBay's PayPal into the mix, for disputed transactions that use the alternative payment system. Now, the PayPal unit will automatically begin assessing buyers' claims after they open a dispute -- determining whether the claim is eligible for coverage, based on criteria set in the PayPal Buyer Protection or the eBay Standard Purchase Protection Program.

The plan builds on earlier efforts to beef up the amount of and procedures surrounding buyer protection. In October, the company said online shoppers using PayPal in their eBay transactions would get up to $1,000 of buyer protection.

The move by PayPal, which is owned by eBay, doubled the coverage from $500 for qualified transactions on the e-commerce and online auction site. The expansion took effect earlier this month and covers approximately 80 percent of all eBay-listed items, the company said.

The protection is extended only when certain purchasing conditions are met -- such as when transactions result in non-delivery, or the delivery of items that are significantly not as described. The protection also extends only to transactions completed with an eBay-qualified seller -- defined as one who maintains a 98 percent positive feedback rating and has at least 50 feedback points.

Company reps said the company's buyer complaint process would still be available for transactions that do not qualify for PayPal Buyer Protection. eBay's standard purchase protection offers $200 of coverage with a $25 processing fee. Weeks earlier, eBay took additional steps to enhance its procedures by expanding its Feedback Withdrawal process. Under the changes, it put in place a third-party review process in eBay Motors.

In addition to those initiatives, PayPal in June debuted Buyer Credit, enabling shoppers to sign up for financing for higher-cost items they purchase on eBay and elsewhere on the Web.

PS: I hope some bankers in India are listening to the above.

Evaluation Guide - BPM software and Vendor

There are more than 100 BPM software vendors, all selling something different. Here's how to figure out whether you need it and how to make it work for you.

Depending on whom you ask, business process management (BPM) software helps monitor human and automated processes, automate previously human processes, process something still managed by humans or manage something previously processed by humans.

Gartner estimates that there are currently over 100 BPM vendors out there, and it seems that no two agree on what it is they're selling. So which definition is right? "They all are," says Eric Austvold, a research director at AMR Research. "There are varying degrees of rightness." Behind the hype, BPM is a marketing buzzword for various software applications that are useful if you have a business process that needs improvement. But for a BPM product to be useful to you, rather than a waste of time and money, it's important to choose the right project and the appropriate software.

What BPM can do?
You can buy a BPM application that monitors your business processes, automates workflow or serves as an enterprise application integration (EAI) tool. These products can help you identify areas of your business that need to be automated, enforce business rules and even help you integrate your existing IT infrastructure. CIOs who have successfully deployed BPM report that it has made their companies more efficient. For the most part the software is relatively inexpensive, often as low as $100,000, which means that most companies can afford some version of BPM if they want. Happy customers report a high ROI, often between 200 and 300 percent.
PS: American National Insurance Company has experienced a 71 percent reduction in caller abandonment since putting a business process management system in place.

The user group that implemented BPM believes that process improvement initiatives are not linear in nature, and thus getting process re-engineering automated is critical for them.


What Is BPM?

A decade ago, Michael Hammer pushed the idea that process reengineering was the next business revolution. He promised companies that if they overhauled their business processes the businesses would become more efficient. Most businesses that bought into the argument laid a lot of people off, but the expected efficiency eluded them. In part, this was because it was hard to get everybody who was left to agree to change their work processes. And in part because even if they did, companies had no mechanism to enforce the changes. But today, the concept is back in the guise of BPM software, which provides a way to monitor and/or enforce efficient business practices. BPM software does this by extracting data from a company's business applications and doing one of two things with it: tracking how the information is used to perform a task so that you can map an existing business process, or escorting the data through a set of tasks to ensure that a business process is being followed. There are three basic varieties of BPM software: monitoring tools, workflow software and tools that support EAI.

Efficiency monitors

BPM monitoring products are essentially computerized versions of the 1950s efficiency consultant who would stand next to the assembly line staring at a stopwatch through "Coke-bottle" glasses. A monitoring product uses built-in application programming interfaces to connect with each of the systems a company uses for a particular process (for instance, tracking an order from the time it's placed to when it ships), and then monitors the process for inefficiencies. A company may discover that there is a consistent 12-hour lag between the time a product is placed in the shipping queue and when it actually ships. Then it's up to the company to figure out a solution. (Maybe it hires an extra loading dock worker or invests in load-scheduling software.) Monitoring software can also be used to keep tabs on a process and send out alerts when the correct process isn't being followed.

Canadian mutual fund company AIC used BPM monitoring software from Sajus to speed up its process for updating clients' accounts whenever there is a transaction. AIC is Canada's largest privately held mutual fund company with approximately $12 billion in assets under management.
Traditionally, customer transactions would sit in a queue on the mainframe, waiting for a nightly update to AIC's shareholder management system. That meant AIC financial advisers were not able to see the most recent transactions when they logged on to AIC's Web-based customer portfolio management system.

CIO Joe Sferrazza thought the advisers should have this information, so he built a Web service that updates the client's account in real-time on the customer portfolio management system that the advisers use. The mainframe is still updated nightly, and the client's account information in the portfolio management system is rectified against the master database on the mainframe.

Sferrazza uses the Sajus software to make sure that all of this goes off without a hitch. The BPM software monitors the process and when it spots a problem it sends an alert to the appropriate person to fix it, rather than waiting for a person to detect the glitch the next time they look at the customer's portfolio. Without the built-in monitoring, Sferrazza would have no guarantee that the automated processes are being properly executed.

Workflow Software
Another variation on the BPM theme is the workflow-based products that companies such as Pegasystems, Metastorm and FileNet have developed. These systems automate some parts of a business process and direct some tasks in the business process to people, assuring that the process is followed. For example, a workflow BPM system won't let a sales rep open a new account before the system confirms that the client doesn't already have an existing one. The trick to using BPM software to automate and enforce a business process workflow is that the people who will use the system have to come up with a detailed map of the processes that they want the system to follow and enforce. Therefore, the new system is only going to be as good as the processes that it automates.

American National Insurance Company (ANICO) used BPM workflow software from Pegasystems to improve service in its call centers. In the mid- to late-1990s, ANICO's call centers experienced high drop rates and high customer frustration levels in part because the information that agents needed was hard to access. For example, in the health insurance division, a customer's personal information, HMO information and policy administration details were stored in multiple legacy systems. "Our [agents] were navigating multiple systems while trying to keep someone on the phone," explains Gary Kirkham, the company's vice president and director of the planning and support division.
In 1998, Kirkham began working with Pegasystems to install a workflow system (later rebranded by the company as a BPM product) that would guide call center employees through these systems and give them a logical process to follow. The system automatically extracts information from each of the legacy systems and delivers it to agents through a common user interface.

Before Kirkham could automate anything, though, the call center employees had to come up with a completely new business process model. While Kirkham met extensively with the call center workers to explain the project (how it would change the way they served customers and why it was important to capture best practices), it wasn't his job to come up with and document these processes. That role fell to Zeb Miller, the company's assistant vice president for health administration. Kirkham jokes that it didn't hurt that Miller is 6 feet 7 inches and 250 pounds.

Now when a customer calls with a question about his or her health insurance, the BPM software prompts the service rep to confirm the caller's social security number and address before getting access to the insurance information. Since this BPM application can enforce workflow rules, the call center employees know what types of services they are allowed to provide based on who the caller is.

Call center workers are now able to solve customers' problems faster, which in turn allows them to serve more customers. Since putting the system in place, ANICO has experienced a 71 percent reduction in caller abandonment and a 61 percent improvement in the average time it takes to answer the phone. Furthermore, this type of project is easily repeatable. While Kirkham started small—just putting the system in the health-care call center—it is now being used to support other ANICO insurance products as well.

Enterprise Application Integration Tools
Large enterprise application vendors and system integrators have used the fact that BPM has application program interfaces (APIs) that extract information from a company's existing systems to push it as an enterprise application integration tool. In other words: If you are going to integrate your systems, why not take it a step further and use BPM as the user interface that connects to your middleware, regardless of what that middleware might be? IBM, Tibco and other integration vendors have bought existing BPM software companies and adapted their applications.

The BPM technology used with EAI isn't substantially different from the monitoring or workflow varieties. For example, Tibco acquired Staffware, a workflow vendor. And the way companies use BPM for integration isn't all that different either. In this case, BPM supports larger projects. Forrester Principal Analyst Ken Vollmer warns that combination EAI/BPM suites are capable of supporting larger projects and are generally more expensive than either standalone EAI or BPM products would be. "Using an EAI/BPM suite in a situation that could be handled by a standalone BPM product could add another $300,000 to the cost of the project," Vollmer says.
The Star Alliance, a partnership of 15 major airlines, including United and Lufthansa, is using BPM to help integrate its members' legacy systems. While the partnership is committed to unifying the processes that its members use, it is equally committed to doing so in a way that respects each company's previous investments.

That's no small challenge, says Brian Cook, Star Alliance director of IT and acting CIO, with dozens of legacy systems to integrate. For example, a new service for frequent fliers on member airlines required the IT team to consolidate 90 separate business processes across nine airlines and 27 legacy systems.

This kind of integration effort could quickly spiral out of control, says Cook, but the BPM software helped provide a blueprint for how to share data among the various systems. The Star Alliance IT and airline project teams used the BPM software to record how each airline checked in customers and processed their frequent flier information. Then, airline managers took that information and developed a new business process that they mapped in the BPM application. This map was used to identify the points of integration for each legacy system.

How to Tell if BPM Is Right for You
The vendors will tell you that everyone can benefit from BPM, and, like all hype, there's a grain of truth behind it. Almost everyone has a business process that needs improvement. The questions you need to ask yourself are: What's the problem you are trying to solve? What's the size of the investment you are willing to make? And how committed are your business units to making their processes more efficient?

Forrester's Vollmer says that an EAI/BPM suite is a way to get more from your existing systems, since this type of solution can enable the building of integrated applications without necessarily requiring you to make any other technology investments. This gives companies a tremendous amount of flexibility when determining what type of project to pursue and which BPM vendor to work with. But Vollmer also says that common sense plays a large role in making that choice. For example, if you are considering an enterprise application integration project, he says, it is also wise to consider whether you are a good candidate for BPM in the near future. Since most EAI vendors provide both, CIOs should make sure that combined EAI/BPM solutions are evaluated as well as standalone products in each category.
On the other hand, most BPM users prefer to start small. One reason, warns ANICO's Kirkham, is because process change—particularly, the type of radical process change his company's call center employees experienced—is hard. Trying to change too much at once could be counterproductive. People need time to learn the new process and how to use the BPM software. Just as business process reengineering failed, BPM will fail if there isn't institutional support for change. Kirkham says that even when ANICO's employees got training, the company didn't really gain efficiency until they hired a large number of new workers who never knew the old process.

AIC's Sferrazza also says that his company isn't ready to undertake a project on a grand scale, although he does plan to use the Sajus monitoring tools for other self-contained business processes. "We can effectively monitor our systems," he says. And for now, AIC's focus is on squeezing the last bit of efficiency out of that monitoring. His other concern is that the company will come to rely too heavily on monitoring software, raising his IT costs. "I can see a day where I will become so dependent [on BPM] that I need several people just to make sure that the processes are being monitored," he says. In other words, if monitoring is the key to automation, then someone needs to monitor the monitoring software.

What to Know Before You Buy
AMR's Austvold says that the decision about which type of BPM software to buy comes down to knowing what your goals are. Everyone agrees that it is a buyer's market right now and that CIOs looking for a bargain on BPM software can find one. But CIOs and analysts all caution that no one should make a buying decision based on the deal they get. With the exception of large integration projects, the money involved in BPM isn't that great and it's not hard to get an ROI from the right project.
VALUE FROM BPM
Joe Sferrazza, CIO with AIC, monitors updates of client data. Brian Cook, acting CIO with the Star Alliance, creates a blueprint for integration. Gary Kirkham, VP with ANICO, guides call center employees.
Furthermore, as with other evolving technologies, the marketplace is bound to consolidate. Most companies that sell BPM products are small and those products address one type of BPM function. There is always a chance that your vendor could go out of business, leaving you to support a product yourself. Austvold says the products from small companies are often better, however.

"You have a couple of choices," says Richard Soley, CEO of the standards organization the Object Management Group. "Go with a large vendor who you don't think is going away or you go with a [smaller vendor that uses a] standard. Obviously [this sounds] self-serving, but I don't see what else you can do, besides ignore it" and hope your competitor doesn't gamble more successfully.

There are several standards for BPM, such as the emerging Business Process Execution Language (BPEL), and more mature Web standards, such as Web Services Description Language and Java Message Service. Soley says every vendor uses some type of standard, and you need to choose one that is compatible with your existing applications. Finding out if a vendor uses standards should be part of your due diligence process before you buy.
Success with BPM
Success comes down to a few simple steps. First, make sure that you have a specific process in mind that you would like to improve with a BPM product. Next, monitor the process to learn how it works now. (You can use BPM monitoring software to do this.) Then, you and the process owner need to figure out how you want to change the process and redesign it accordingly. If it's appropriate, you can use a BPM workflow application to manage the new process.

Cook of the Star Alliance says that a successful BPM project leaves a company with a documented set of business rules that could prove to be its important intellectual property, as well as provide a road map for future development of IT projects. "It's hard to extract and document years of experience," he says. "You end up with tons of information. But it ends up making [future projects] much easier for IT."

Monitoring Software
Tracks data through a business process

Agentis
CommerceQuest
Sajus



Workflow
Guides employees through a business process

FileNet
Metastorm
Pegasystems
Savvion



Enterprise Application Integration
Provides a user interface to middleware applications

BEA
IBM
Microsoft
Oracle (Customer Data Hub)
PeopleSoft (AppConnect)
SAP (NetWeaver)
SeeBeyond
Tibco
webMethods

SOURCES: GARTNER, FORRESTER RESEARCH