Red Flags: A closer look

In our last group assignment, we started by determining our red flags and eventually ended up modifying the red flags multiple times, each iteration bringing us closer to the fraudster. As research, I decided to study red flags in more detail, as they have proved vital in process mining for fraud detection.

Main types of red flags are:

Structural: Red flags that catch fraud due to the way the company is set up and the policies/procedures that are in place. An example is the type of fraud that happens when an employee realises what size of transaction creates added scrutiny. This kind of fraud can be discouraged if management leads by example, with ethical behavior exhibited at all times.

Operational: Red flags that highlight how the company business is managed each day. Are they minimizing the chance for employee errors and having checks in place? Key concerns for management should be segregation of duties so that no employee has too much control over one area.

Accounting: Red flags that refer to the level of internal controls that are in place. The company cannot have secure accounting free from error without such controls built into their FIS. Some of the basic red flags that might be noted in a company’s accounting records include frequency of transactions. Every company has its own operating patterns, and the transactions should be booked accordingly.

Financial performance: Red flags include aggressive goals and performance measures. Companies whose financial performance suggests the possibility of fraud have signs like outstanding results when the rest of the industry has suffered a downturn.
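How three of these flag types (structural, operational, accounting) can be checked over a transaction log, as an added example that is not code from the assignment or the referenced book. The approval limit, the thresholds, the flag names and the event log are all constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import date

APPROVAL_LIMIT = 10_000   # assumed: payments at or above this get added scrutiny
NEAR_LIMIT_BAND = 0.05    # assumed: within 5% below the limit counts as "just under"
MAX_PER_DAY = 2           # assumed: normal daily payments from one clerk to one vendor

# Constructed event log: (txn_id, day, created_by, approved_by, vendor, amount)
EVENTS = [
    ("T1", date(2017, 3, 1), "alice", "bob",   "V100", 4200.00),
    ("T2", date(2017, 3, 1), "carol", "bob",   "V200", 9900.00),
    ("T3", date(2017, 3, 2), "carol", "carol", "V200", 9750.00),
    ("T4", date(2017, 3, 2), "carol", "bob",   "V200", 9800.00),
    ("T5", date(2017, 3, 2), "carol", "bob",   "V200", 9600.00),
    ("T6", date(2017, 3, 3), "alice", "dave",  "V300", 12500.00),
    ("T7", date(2017, 3, 3), "dave",  "dave",  "V100", 310.00),
]


def red_flags(events):
    """Return {txn_id: [flag, ...]} for every transaction that raises a flag."""
    flags = defaultdict(list)
    # How many payments each clerk booked to each vendor on each day.
    per_day = Counter((day, creator, vendor)
                      for _, day, creator, _, vendor, _ in events)
    floor = APPROVAL_LIMIT * (1 - NEAR_LIMIT_BAND)
    for txn_id, day, creator, approver, vendor, amount in events:
        # Structural: amount sized to stay just below the scrutiny threshold.
        if floor <= amount < APPROVAL_LIMIT:
            flags[txn_id].append("structural:just_under_limit")
        # Operational: the same person created and approved the payment.
        if creator == approver:
            flags[txn_id].append("operational:no_segregation_of_duties")
        # Accounting: booking frequency outside the assumed normal pattern.
        if per_day[(day, creator, vendor)] > MAX_PER_DAY:
            flags[txn_id].append("accounting:unusual_frequency")
    return dict(flags)


def rank_employees(events):
    """Count raised flags per creating employee, most-flagged first."""
    creator_of = {e[0]: e[2] for e in events}
    counts = Counter()
    for txn_id, names in red_flags(events).items():
        counts[creator_of[txn_id]] += len(names)
    return counts.most_common()


if __name__ == "__main__":
    for txn_id, names in sorted(red_flags(EVENTS).items()):
        print(txn_id, names)
    print(rank_employees(EVENTS))
```

Financial-performance flags are left out because they need industry benchmark data rather than a transaction log.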

I feel that learning to classify flags properly might help students look for each type of flag in different areas in the project, and systematically track fraudsters.

Reference:

Essentials of Corporate Fraud by Tracie L. Coenen

Would you put your money in the cloud?

The article tries to discuss the competitive advantage financial institutions will have when putting dynamic transactional data in the cloud, and also says the risks involved can be mitigated. I think the traditional firewalls and security measures might suffice to protect data within one’s premises, but will not hold against data on the move, i.e. the data put on cloud services. So what are the options financial institutions have to handle risk?

  • Accept the Risk – If the decrease in operational costs, outsourcing of IT and flexibility offered by cloud platforms outweigh the risk of a data breach, the bank must accept the possibility of damaging its brand due to such incidents. Risk retention is only advisable if it does not pose any financial threat.
  • Mitigate the Risk – Removing PII & PCI data before moving to the cloud helps reduce the amount of risky activity. Ramping up security measures and firewalls at company expense is another risk reduction strategy.
  • Eliminate the Risk – The only way to eliminate this risk completely is to keep data on premise. Even then it is not an ideal situation, as on-premise data stores are also susceptible to hackers.
  • Transfer the Risk – Altering the contract with cloud vendors so that there are strict data monitoring clauses transfers some of the risk. Insurance is also a good way to transfer risk. Investing in legal and compliance teams to protect themselves from legal issues is another step to transfer risk to a 3rd party.
  • Risk Avoidance – When you forsake the activity containing risk, it is risk avoidance. Risk avoidance usually leads to risk elimination.

I feel that banks with sensitive data cannot transition to a cloud framework unless they understand that security in the cloud has wholly different dynamics and technology from the security measures that they are historically used to.

Reference:

Financial Institutions Weigh Risks, Benefits of Cloud Migration

Risky Business

We know that financial services institutions invest heavily to develop information systems for risk measurement, especially in recent years. At the rate at which our technologies are developing, it might be less expensive for financial firms to assemble this risk information about their users. After all, Google and Facebook combined know most of what there is to know about you!

Currently the financial information system is ruled by the CIA rule:

● Confidentiality
○ Prevent unauthorized disclosure of information (read access limitations)
● Integrity
○ Prevent unauthorized modification of information (write access limitations) for the data and the FIS.
● Availability
○ Make sure information is available when needed by preventing DoS (Denial of Service) attacks.

After going through the various risk measurement methodologies, I am beginning to wonder if the whole structure of the financing industry is going to change when it becomes less costly to assemble risk information. Will it affect capital budgeting and even incentive compensation in banks? I feel like the organizational structure of these banks will change to a more decentralized form, rather than the stringent central approval regime that is in place now. The reason I think so is that there will be (and currently is) an increased flow of risk information outside the firm. A few years down the line, information about each person will become more transparent, which might lead to relaxation of many of the strict rules and governing policies that are present now.

Reference:

http://www.bis.org/publ/ecsc07f.pdf

https://www.odu.edu/ts/security/risk-assessment/information-systems-risks

An Ideal World

I have been wondering about the relevance of so many Financial Information Systems, if the world had a more ideal and unified system for money. Would we need such complex software if our coins and cash were simple in the first place? For example, in our daily FIS assignments, we wouldn’t be having the ‘Company code’ related problems during currency conversion if the world shared a common currency!

If ERP systems find it difficult to enable you to have a vendor in Croatia and a plant in Germany and customers in United States, wouldn’t it be far more complex in real life for actual industrial expansion to occur in the countries hosting their native currencies? So I feel that instead of designing solutions on top of complex systems, why not eradicate the root cause and design a permanent solution for an ideal world? Who knows, 10 years down the line the world might just adopt it (advent of the bitcoin is a hint!)

Although printed currency works well in goods exchange in an economy, there is no automatic linkage to guarantee there will be a corresponding increase in real goods to match the increase of the printed cash. Throughout history, the majority of economic crises had a monetary cause and were not due to a breakdown of production of real goods. The actual collapse of societies, on the other hand, is related to the breakdown of the fundamental goods-creation system. So the ideal concept of money should reflect the health of industrial systems, but currently it only obscures the real problems.

Ideal money should have stable value over a long time. Hence, gold or silver is not a good substitute. A possible nonpolitical basis for a value standard that could be used for money would be a good industrial consumption price index (ICPI) statistic. This statistic could be calculated from the international price of commodities such as copper, silver, tungsten, and so forth that are used in industrial activities, John Nash said in his lecture. I hope we can integrate ICPI into a bitcoin-like crypto-currency standard, thus eliminating hard cash. Here are the reasons why this would be the advent of the ideal world:

  1. The money in an economy will reflect the actual health or its capacity to produce goods and services for its people. It will ensure a fair flow of prosperity across the world.
  2. ‘It is a solution to the Triffin dilemma which is generally about the conflict of economic interests between the short-term domestic and long-term international objectives when a currency used in a country is also a world reserve currency in the meantime.’ If we have a unified currency for the world that is decentralised like bitcoin and not governed/policed by a few banks, it overcomes this dilemma.
  3. No taxes, no 3rd party transaction fees, and crypto currency cannot be stolen or counterfeited. Clean transactions with no time-related distortions could start an era of free trade and industrial growth.

References:

https://en.wikipedia.org/wiki/Ideal_money

http://www.lietaer.com/2010/09/what-is-the-problem-with-our-current-money-system/

Fintech Festivals: where Traditional meets Technology

While most articles in the class blog deal with fintech as a disruptive industry for traditional financial institutions, the fintech festivals are common grounds of co-opetition for banks and fintech companies. Tech companies also help traditional banks to gear up to take on the new era of competition and integrate the latest technology for their efficient running.

Let us discuss the merits and demerits of a few such examples that Microsoft CEO Satya Nadella cited at one such fintech festival.

  1. ‘MetLife is using Microsoft Azure to run complex actuarial simulation models, delivering insights to decision makers around the globe’

Advantages:

  • Complex risk assessment is aggregated in the cloud to complete in much less time.
  • Faster business decision making process resulting in improved customer experience.
  • 45-55 percent savings on infrastructure costs.

Disadvantages:

  • Security of customer information is the biggest concern when an on-premise data store is moved to a third party cloud computation engine.
  • Once computation is moved to a particular cloud offering, the process develops platform dependencies that are hard to integrate with other systems or change in future.
  • If there is a contract fallout, customer data can go into vendor lock-in, where the parent company loses flexibility and control over data. This is why banks are reluctant to adopt cloud technology.

2. ‘Emirates National Bank of Dubai is reinventing its customer relationship management with Azure Machine Learning and Microsoft Dynamics 365’

Advantages:

  • Data mining and prediction helps identify how to spend time with customers, and targeted next-best actions and offers.
  • 15-point conversion rate of customers to new services.

Disadvantages:

  • Again there is a conflict over online vs on-premise solutions against Microsoft’s cloud-based bundle. Hence your data, algorithms, experiments and results would reside in the cloud. Depending on your data sensitivity, that may be a deal breaker.
  • The Microsoft CRM and ERP solutions are in their infancy and there are lots of kinks to iron out. There are better solutions out there at a lower price point.

3. ‘Bank of America Merrill Lynch is working with Microsoft Treasury to use Azure Blockchain as a Service to transform and automate the processes for standby letters of credit’

Advantages:

  • Reduces process time from 5-7 days to 5-7 minutes
  • Reduces error rate down to zero percent.
  • Significantly reduces the cost of process.

Disadvantages:

  • Being a new technology there are challenges such as transaction speed, the verification process, and data limits.
  • Control, security, and privacy are still cyber security concerns that need to be addressed before entrusting personal data to a blockchain solution.
  • High initial capital costs: Blockchain proof-of-work implementations offer solutions that require significant changes to or replacement of existing systems. In order to make the switch, companies must strategize the transition.

Thus we see the two sides of the coin while implementing fintech in traditional financial institutions. Financial institutions weigh all the pros and cons before trusting new ideas and technology. The fact that fintech is still percolating and being accepted into such organisations is proof that widespread acceptance of fintech is starting.

REFERENCE:

Microsoft’s Xiaoice chatbot may be coming to English at Tay.ai

How Simple Starbucks App Aced the e-Wallet Industry.

Starbucks is the most familiar name for coffee lovers in the US. It is also a pioneer in getting consumers to pay for coffee with their mobile phones, and is boosting digital spending via its app in Asia, Europe and Latin America.

The app was introduced in 2015 nationwide at U.S. stores, and lets customers order and pay for beverages in advance and pick them up without waiting in the cashier line. Now it wants to roll out the Mobile Order & Pay program to China and Japan. Starbucks is also testing delivery through the app in the U.S., and offers personalized food recommendations.

In an industry where many mobile wallets have struggled to capture consumer markets, this app was an instant hit, and was called “the most successful launch of a new payment type in history.” Starbucks introduced an app that used simple QR codes. And perhaps just as important, the chain offered rewards like free beverages for using it.

Within a few years, Starbucks’ mobile app accounts for more than 21 percent of all transactions in company-owned U.S. stores. About 7 million orders were placed through mobile devices in U.S. cafés.

Now, let us pit this payment application against all the other technologically complex e-wallets out there:

Google Wallet: Uses a Secure Element chip and NFC HCE (host card emulation) as base technology for its e-wallet. It is slowly gaining market.

Softcard wallet: Comes with its own cash card which is preloaded with $10 to help you start spending. It works with an NFC-enabled Android smartphone and also allows you to manage your coupons, loyalty cards and redeem offers from merchants. The wallet is also PIN-protected and you can remotely freeze your wallet and wireless connection if it gets stolen. If the smartphone gets recovered, you can just call to reactivate your wallet. It has a declining market growth as of today.

PayPal: Has rolled out NFC-based mobile payment using existing infrastructure. PayPal has 188 m users, but NFC payment is an add-on feature to PayPal’s ecommerce mPOS payment portal. Hence the exact number of people using NFC payment is unknown.

Square Inc. is a financial services, merchant services aggregator and mobile payments company that has rolled out NFC-based tap and pay functionalities. This app is quickly gaining market favour.

Samsung and Android Pay: These e-wallets have matching 5 m active users per month. They are the smallest players in the e-wallet space.

Apple Pay: NFC technology is coupled with biometric security and tokenization to make it the most secure payment transaction possible. When you add your card in Apple Pay, a unique Device Account Number is assigned, encrypted, and securely stored in the Secure Element, a dedicated chip in iPhone, iPad, and Apple Watch. These numbers are never stored on Apple servers. And when you make a purchase, the Device Account Number, along with a transaction-specific dynamic security code, is used to process your payment. So your actual credit or debit card numbers are never shared by Apple with merchants or transmitted with payment. It also doesn’t store the details of your transaction behaviour. Your most recent purchases are kept in Passbook for your convenience and never sold to merchants. Even though it is so advanced, it has 12 m regular users. Interacting/integrating with different merchants’ POS is the issue now.

Conclusion:

So this story should remind us that a ‘simple’ technology can overcome technologically advanced applications, but only using a smarter business strategy.

1) Starbucks leveraged its brand name in mobile payments by tying up all its franchises behind this payment technology. It correctly incentivized the customer by giving away free drinks and conducting personally tailored ad campaigns based on customer order history.

2) It also leveraged the fact that customers were paying in bulk upfront for their drinks, and redeeming the goods later. So it gains interest on the bulk payments, plus it saves the transaction fees that would have been incurred for separate in-store payments.

Reference:

https://www.bloomberg.com/news/articles/2016-03-30/starbucks-takes-its-pioneering-mobile-phone-app-to-grande-level

Contactless Payment Systems in Fintech

I would like to focus on fintech that improves the traditional credit card payment process by eliminating the use of physical credit cards. Credit card theft and skimming of PII can be drastically minimized by using Near Field Communication (NFC) technology in your mobile device and converting it into a contactless payment system.

Near-field communication (NFC) is a set of communication protocols that enable two electronic devices, one of which is usually a portable device such as a smartphone, to establish communication by bringing them within 4 cm of each other. It has three modes of communication but the one significant to us is:

  • NFC card emulation: This enables the NFC device to behave as a standard Smartcard.

A contactless card requires only close proximity to a reader. Both the reader and the card have antennae, and the two communicate using radio frequencies (RF) over this contactless link. There is no set-up required. The connection is more reliable and does not suffer problems of contact wear, corrosion and dirt experienced by systems using physical connectors.

In Apple Pay, NFC technology is coupled with biometric security and tokenization to make it the most secure payment transaction possible. Traditionally a card-present transaction is considered more secure than a card-not-present transaction over the web or during in-app payment. Contrary to popular belief, research shows that Apple payments (a card-not-present transaction) are more secure than the traditional card-present transactions. This is because of the inherent security that is built into a transaction that can occur only at 3-5 cm distance.

When a card is added to Apple Pay, a unique Device Account Number is assigned, encrypted, and securely stored in a dedicated chip in iPhone, iPad, and Apple Watch. These numbers are never stored on Apple servers. And when you make a purchase, the Device Account Number, along with a transaction-specific dynamic security code, is used to process your payment. So your actual credit or debit card numbers are never shared by Apple with merchants or transmitted with payment. It also doesn’t store the details of your transaction behavior. Your most recent purchases are kept in Passbook for your convenience. Apple Pay currently has around 12 m patrons.
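A simplified model of the token plus transaction-specific code flow described above, as an added example that is not part of the original post and is not Apple's or any card network's actual algorithm. The HMAC construction, the counter, and the names TokenVault, Device and dynamic_code are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def dynamic_code(key, token, counter, amount_cents, merchant):
    """One-time code bound to this token, counter, amount and merchant."""
    msg = f"{token}|{counter}|{amount_cents}|{merchant}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class TokenVault:
    """Issuer/network side: the only place that maps a token to the card number."""

    def __init__(self):
        self._by_token = {}  # token -> [card_number, key, last_counter_seen]

    def provision(self, card_number):
        # Stand-in for the Device Account Number: random digits unrelated to the card.
        token = "".join(secrets.choice("0123456789") for _ in range(16))
        key = secrets.token_bytes(32)
        self._by_token[token] = [card_number, key, 0]
        return token, key  # delivered to the device's secure chip, not to merchants

    def authorize(self, msg):
        entry = self._by_token.get(msg["token"])
        if entry is None:
            return "unknown_token"
        _card_number, key, last_counter = entry
        expected = dynamic_code(key, msg["token"], msg["counter"],
                                msg["amount_cents"], msg["merchant"])
        if not hmac.compare_digest(expected, msg["code"]):
            return "bad_code"    # amount, merchant or token was altered
        if msg["counter"] <= last_counter:
            return "replay"      # a captured message was sent again
        entry[2] = msg["counter"]
        return "approved"


class Device:
    """Phone or watch: holds the token and key, never sends the card number."""

    def __init__(self, token, key):
        self.token, self._key, self._counter = token, key, 0

    def pay(self, amount_cents, merchant):
        self._counter += 1
        return {
            "token": self.token,
            "counter": self._counter,
            "amount_cents": amount_cents,
            "merchant": merchant,
            "code": dynamic_code(self._key, self.token, self._counter,
                                 amount_cents, merchant),
        }


def demo():
    card_number = "4111111111111111"  # constructed test number, not a real card
    vault = TokenVault()
    device = Device(*vault.provision(card_number))
    msg = device.pay(495, "coffee-shop-01")   # everything the merchant sees
    tampered = dict(msg, amount_cents=49500)  # same code, different amount
    return {
        "card_number_in_message": any(card_number in str(v) for v in msg.values()),
        "first_use": vault.authorize(msg),
        "replayed": vault.authorize(msg),
        "tampered": vault.authorize(tampered),
    }
```

A merchant database that stores these messages holds nothing that can be reused: the token is not the card number, and each code is accepted once for one amount at one merchant.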

https://globenewswire.com/news-release/2016/10/25/882686/0/en/IoT-Device-and-Data-Security-Challenges-and-Solutions-Headline-the-Smart-Card-Alliance-2016-Security-of-Things-Conference.html : articles by Prof. Imran Hajimusa

Ways of Auditing Company Financials

The tips below will ensure your company has a robust internal monitoring strategy:

  1. Hiring a CPA and tax attorneys to “self-audit” your business not only improves your business but also protects you from an IRS audit. A CPA can ensure information is valid and in accordance with accounting standards (like the Generally Accepted Accounting Principles, or GAAP).
  2. Hiring a tax attorney or an accountant, or installing an accounting software program, will ensure you are following Generally Accepted Auditing Standards (GAAS). They can also provide education to the business owner about how their business is running and how it can be improved.
  3. Financial audits make sure all legal and tax rules are being complied with, which can prevent different legal issues that can arise when fraudulent or incorrect information is presented to the public or investors. In the U.S., keep tax receipts on hand for at least 7 years, as this is the statute of limitations on tax fraud.
  4. If you have physical products or use equipment in your business, you will need to conduct physical audits as well. For example, inventory or equipment should be counted and visually inspected.
  5. Cross-reference each part of your company’s accounting system. If you have a very large number of transactions, make use of statistical sampling.
  6. Ensure your use of expenses for business meals, travel, and entertainment is believable. Daily commuting to work at a regular job or claiming any personal expense as a business deduction is not valid. A good rule is if the spending is required to make money, then it can be deducted. Be sure you have proper receipts and records for any and all deductions.
  7. Note major discrepancies between years and have documentation supporting why. If you contribute much more to charity one year than another, include an explanation as to why when you file your return, and include any receipts or other associated documents.
  8. Determine whether your business has a sufficient accounting audit trail: Does your accounting software store associated documentation for every transaction, with relevant explanations for transactions that will be used for deductions?
  9. The system should monitor your company’s internal controls, and do reconciliation checks regularly on financial documents.
  10. Separate accounting duties as much as is reasonable. Try tricks like internally numbering checks. Safes should be locked when not in use, and company software and computers should be password protected. Camera systems are beneficial for monitoring the execution of internal controls at retail businesses.

Reference: http://www.wikihow.com/Perform-a-Basic-Accounting-Audit

Rocket Mortgage: Redefining Digital Mortgage

Rocket Mortgage is a super fast service portal of the company Quicken Loans, which caters to self-service users who want to apply for a home loan without talking to loan officers. It’s only a tool that collects information such as pay stubs, bank statements and tax returns to calculate how much money you are eligible to loan, and not a money lender itself, despite being called rocket-‘mortgage’.

Although I wouldn’t say that you get the best deals out there, I feel it makes the lending business more transparent by helping you steer clear of lenders with low advertised rates but “fine-print disclaimers”.

How it works:

  • When you make your profile with Rocket Mortgage, it can instantly verify employment and income details for more than 60% of working Americans.
  • With your authorization, it downloads asset statements from 95% of U.S. financial institutions. This helps you easily fill in personal information and click “See my Solution”.
  • The app displays a customized loan amount you’ll qualify for within minutes based on your credit score and debt-to-income ratios.
  • Slider bars allow you to change the closing costs, loan term and interest rate. Then you click the “See If I’m Approved” button.
  • Using automated data extraction (ADE) technology, lenders are able to verify checklists in minutes, cutting the time it takes to evaluate loan files by up to 80%, thus redefining the traditional “stare and compare” approach to verifying data across several documents.
  • If you’re approved, first-time homebuyers FHA-backed loans. You can lock your interest rate and print out an approval letter, then go house hunting.

Contrary to public hesitation, such developments in fintech improve the mortgage experience by:

  1. Saving the client time, but limiting the use of alternative credit data.
  2. Giving lenders easier access to borrower’s bank information
  3. Making approvals less prone to human error

So to wrap it up, digital lending is here to stay because it created a whopping $79 billion in mortgages in 2015.

References:

  • http://www.housingwire.com/articles/36277-reasons-the-rocket-mortgage-actually-decreases-mortgage-risk
  • http://www.mortgageorb.com/expanding-the-definition-of-digital-mortgage
  • https://www.nerdwallet.com/blog/mortgages/quicken-loans-and-rocket-mortgage-review

Target data breach analysis: What we need to change

Let us ruminate on how critical financial information systems (FIS) are to a company and how fragile the security systems around them really are. Consider the data breach at Target a few Christmases ago in 2013. Around 40 million credit card details were stolen and Target CEO Gregg Steinhafel had to end his 35-year career with the company. It cost the company $252 million in total and, after insurance reimbursement, the losses fall to $162 million. For the customers, the possibility of financial losses due to identity theft is still high. Here is a flow table explaining how it occurred (from bloomberg.com): [image not preserved]

As the professor explained last class, a good way to fortify your FIS is at the entry point itself. To avoid such hacks we can encrypt critical information before storing it in the system. While the rest of the world migrated to chip cards long ago, its adoption in the US has been slow and bumpy. Did you know our credit card number and other details are stored on a magnetic stripe card without encryption? We still continue to use it in merchant stores and gas stations, exposing critical financial information to hackers every day. On that note, I’d like to start our foray into FIS stating that the system we create is as reliable as the data we feed it and as secure as the measures we take to protect it.