BRAVE WORLD - Dark Reading's 2017 Strategic Security ...

Business Innovation Powered By Technology

May 2012

Lessons From the LatestData Breaches p.8

Banks Hot for theKindle Fire p.10

The CFPB’s CIO TalksTechnology p.28

BRAVE

NEWWORLD

Bring Your Own Device initiatives can deliver tremendous value, butsecuring the mobile channel is achallenge, says Bank of Americaglobal tech head Cathy Bessant. Find out how to prepare for the rise of consumerization. p.16

sas.com/92 for a free white paper

High-performance analytics from SAS® helped a � nancial services � rm reduce loan default calculation time from 96 hours to just four.

Early detection of high-risk accounts is crucial to determining the likelihood of defaults, loss forecasting and how to hedge risks most effectively. Now, SAS can help you speed that time to decisions from days to literally minutes and seconds – transforming your big data into relevant business value.

92What would you do with an extra 92 hours?

High-Performance Computing

Grid Computing

In-Database Analytics

In-Memory Analytics

Big Data

high-performance analytics A real

game changer.

Each SAS customer’s experience is unique. Actual results vary depending on the customer’s individual conditions. SAS does not guarantee results, and nothing herein should be construed as constituting an additional warranty. SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. © 2012 SAS Institute Inc. All rights reserved. S86991US.0212

FEATURE

28 Inside the CFPBBefore the Consumer FinancialProtection Bureau can help consumers understand financialproducts, it has to create an infra-structure. CFPB CIO Chris Willeydiscusses the pros and cons ofbuilding technology from scratch.

ANALYTICS WATCH

14 Reining in Big DataSemantic databases may be the tools banks need to harnessbig data’s potential.

COMPLIANCE WATCH

15 Maintaining Social OrderSocialVolt’s Scott Oppliger offersfive steps to creating a FINRA-friendly social media plan.

PERSPECTIVES

30 Speaking the TruthBanks must provide a seamlessexperience for customers acrosstheir channels of choice. Ourexperts explain how banks canbuild a distinctive experience by creating targeted, relevantmultichannel communications.

MarciaWakeman

MichaelBaublit

AviGreenfield

SanjeevMalaney

Cathy Bessant, Head of GlobalTechnology and Operations,

Bank of America

CO

VE

R/T

HIS

PA

GE

PH

OT

O B

Y S

CO

TT

ST

ILE

S

May 2012 banktech.com

COVER STORY

16 Mounting Pressure BRING YOUR OWN DEVICE Despite security concerns, workforce pressuresand the promise of productivity gains areforcing banks to embrace BYOD initiatives.

22 Ignore at Your Own RiskSOCIAL MEDIA Customers expect to engage their banks viasocial media. But banks must be careful to avoid a number of common social media missteps.

24 Satisfied ShoppersTHE RETAIL EXPERIENCE Banks can learn many lessons fromonline retailers about how to optimize the customer experience.

27 4 Keys to Making Connections CUSTOMER ENGAGEMENT Banks can follow four approachesto creating an integrated organization focused on the customer,says Dell’s Bob Barris.

Business Innovation Powered By Technology

BAN K SYSTE M S & TE CH N OLOGY ■ WWW.BAN KTE C H.C O M ■ MAY 2012 ■ 3

INDUSTRY WATCH

8 Weak LinkRecent third-party data breaches remindbanks that data security vigilance mustextend beyond their own firewalls.

9 The Price of FraudWhile business-to-business paymentsfraud declined slightly in 2011, the sophistication of threats continues to evolve, requiring new security models.

10 TabletBanking WarsTo keep up with the proliferation of tabletdevices, and customers’changing mobile bank-ing preferences, Bank ofAmerica and Citi release new apps for Amazon’s Kindle Fire.

11 Security Becomes a VictimIn their rush to roll out new customer-centric and mobilesolutions, banks may have overlooked security, according to Cast Software’s recent CRASH report.

12 Treasury Services StrategiesCorporate customers are pressuring banks to make theirtreasury services offerings smarter, according to participantsat the SWIFT Operations Forum.

BEST PRACTICES

33 A Well-Oiled MachineNational Bank of Abu Dhabi taps Emerson Network Powersolutions to modernize the bank’s data center, boost efficiency and cut downtime.

EXEC WATCH

34 Lessons From the Consumer SideSecil Tabli Watson, the new head of Wells Fargo’s wholesaleInternet services group, plans to apply service lessonslearned from the bank’s consumer digital channels.

6 From the Editor

DIG ITAL I SSUE

The Best iPad Banking Apps By 2016 a staggering 87 million U.S.

consumers are projected to own a tablet

computer. Bank Systems & Technology’s

April digital issue breaks down what it

takes to meet consumer expectations

for tablet banking and examines some of

the industry’s best apps for the iPad.

banktech.com/digital-edition/april2012

EXCLUS IVE FEATURE

3 Steps to Building A World-Class Bank

With global markets growing increasingly

important to banks’ bottom lines, optimizing

worldwide operations has become a

business imperative. We offer three tips to help banks achieve

world-class distinction. banktech.com/world-class-bank

FORECAST

8 Bank Technology Trends That Will Shape the Industry in 2012

IT budgets finally are providing some breathing room, but with

the economic recovery still shaky and regulatory scrutiny more

intense than ever, banks’ IT investments are likely to be focused

on driving efficiencies and complying with new requirements.

banktech.com/8-tech-trends

LIVE EVENT

Banking Redefined: Capitalizing onData, Channels & Customer-Centricity

Banks face intensifying pressures from

increasingly demanding regulators, board

members, shareholders and customers.

But along with those challenges are

unique opportunities for banks to build

new and more profitable customer relationships. Join an

exclusive group of senior-level banking executives at BankSystems & Technology’s 7th Annual Executive Summit

to learn more about the strategies and technologies that are

transforming the industry. Sept. 30 – Oct. 3, 2012, Royal PalmsResort & Spa, Phoenix. banktech.com/summit2012

banktech.com

8BenKnieff

4 ■ MAY 2012 ■ WWW.BAN KTE C H.C O M ■ BAN K SYSTE M S & TE CH N OLOGY

FRED COOK, CIO, North Shore Credit UnionCOLIN ECCLES, CIO, Umpqua BankJOHN FIORE, CIO, Bank of New York MellonVINCE HRUSKA, SVP, Director, ProductSolutions and Strategies, City National Bank

JOHN ITOKAZU, COO, CIO, Union BankPAUL JOHNSON, CIO, BB&TMARK LA PENTA, CIO, MetLife BankMICHAEL LINDSEY, SVP,BancorpSouthBRUCE LIVESAY, CIO, First Horizon

READER ADV ISORY BOARD BANK SYSTEMS & TECHNOLOGY (ISSN 1045-9472) IS PUBLISHED 4 TIMES PER YEAR (MARCH, MAY,JULY, OCTOBER) BY UBM LLC., 600 COMMUNITY DR., MANHASSET, N.Y 11030.; (516) 562-5000.SUBSCRIPTION POLICY: CIRCULATION FREE TO OFFICERS AND EXECUTIVES OF BANKING INSTITU-TIONS WHOSE RESPONSIBILITIES INCLUDE BUSINESS LINE/P&L MANAGEMENT, TECHNOLOGYSPECIFICATION AND PURCHASING, AND OTHER RELATED FUNCTIONS. ALL OTHER DOMESTIC SUBSCRIPTIONS: $65 PER YEAR. ALL CANADIAN SUBSCRIPTIONS: $67 PER YEAR. ALL FOREIGNSUBSCRIPTIONS: $295 PER YEAR. SINGLE COPIES: $8.95. SINGLE ISSUE REQUESTS, WRITE TO:BANK SYSTEMS & TECHNOLOGY, P.O. BOX 1052, SKOKIE, IL 60076-8052, OR CALL (1-800) 255-2824,(847) 647-4065, OR EMAIL TO [email protected]. EDITORIAL OFFICES: 240 W. 35TH STREET, 8THFLOOR, NEW YORK, NY 10001; (212) 600-3000. POSTMASTER: SEND CHANGES OF ADDRESS TOBANK SYSTEMS & TECHNOLOGY, P.O. BOX 1052, SKOKIE, IL 60076-8052. PERIODICALS POSTAGEPAID AT MANHASSET, NY, AND ADDITIONAL MAILING OFFICES. COPYRIGHT 2012 UBM LLC. “STANDARD MAIL ENCLOSED, STANDARD RATE PERMIT #161, LONG PRAIRIE, MN.” RETURN UNDELIV-ERABLE CANADIAN ADDRESSES TO APC, P.O. BOX 503, RPO WEST BVR CRE, RICH HILL, ON 14B 4R6.PRINTED IN THE UNITED STATES.

“ If you can’t reduce the complexity of IT, you can’t reduce the cost of IT. That’s where we come in.”Paul Ringmacher, Capco Partner

Capco.com/Paul-Ringmacheror call 212.284.8600

“ If you can’t reduce the complexity of IT, you can’t reduce the cost of IT. That’s where we come in.”

It’s not just about devices. The con-sumerization-driven expectations of“always on,” ease of use, integrationand personalization can be viewed asjust the latest iterations of the long-standing concept of “anywhere, anytime”service and interaction — a concept

that 20 years ago wasconsidered radicaland elusive within thebanking industry, but that provided afoundation for themultichannel deliverymodels that are stan-dard operating pro-cedure today. We’reseeing the impact not

only in the bring-your-own-device(BYOD) movement that BS&T analyzesin the lead story in this issue’s specialreport about consumerization’s effecton the banking industry (starting on

page 16), but also in marketing strategiesshaped by social media and search tech-niques; real-time transaction processingand customer service; and new, more-customized and targeted approachesto product development.

But consumerization also comes with

costs and potential risks. BYOD maymake employees happy and even providesome resource efficiencies, but it’s notcheap. A company with 1,000 mobiledevices that uses a BYOD approachspends an extra $170,000 per year, onaverage, according to Aberdeen Research(due mainly to more fragmented pro-curement and billing procedures relatedto BYOD). And CIOs, CISOs and othertechnology executives are only too awareof the risks to corporate and customerinformation when business processesare conducted via personal mobile devices.

These days, however, resistance toconsumerization is futile, and banks arenot alone in embracing the inevitable.Seventy-three percent of C-level executiveswho responded to a recent Avanade survey said that supporting the use ofemployee-owned technology is a top pri-ority, and 60 percent said their firms areupdating IT systems to make this easier.No bank executive can ignore the potentialof consumerization to address the indus-try’s long-standing challenges regardingcollaboration and productivity — it’sone technology development that hasgone beyond buzzword and trendinessto be truly transformational.

ONSUMERIZATION — the infiltration of consumer technologies

into business organizations — is proving to be a very good thing

for financial services firms. Whether it involves allowing employees

to use their own mobile devices as work tools or driving changes

in online and mobile banking interfaces, this transformation in how both

customers and employees interact with their banks/employers is creating

exciting opportunities for richer, more customized and potentially more

profitable relationships. This is a goal banks have been striving to reach

for decades, so far with only mixed success. But consumerization has the

potential to make this goal much less quixotic.

Resistance Is Futile

C


Katherine Burger, Editorial Director @KathyBurger

FROM THE EDITOR

Volume 49, No. 3

EDITORIALEditorial Director Katherine Burger [email protected]

Group Content Manager Les Kovach [email protected] Associate Editor Olivia LaBarre [email protected]

Associate Editor Bryan Yurcan [email protected] Editor Cara Latham [email protected]

ARTTony Vecchione, Kristen Terrana-Hollis, Igor Jovicic & Yujin Chang

BigYellowTaxi.com

ADVERTISING SALES OFFICE240 W. 35th St., 8th Floor

New York, NY 10001National Sales Director Ben Riggle 212.600.3171 [email protected]

Northeast David Broffman 212.600.3118 [email protected] Coast Matt Kingham 212.600.3084 [email protected]

Southeast and Midwest James Lloyd 212.600.3375 [email protected]

AUDIENCE DEVELOPMENT Assistant Manager Adrienne Farquharson [email protected]

For article reprints and e-prints, please contact:Wright’s Media

Brian Kolb 877.652.5295 [email protected]

List Rental: Specialists Marketing Services

Sarah Orlowicz 201.865.5800 ext.2124 [email protected]

Account CoordinatorAmanda Waller [email protected]

Publishing Services Manager Ruth Duggan [email protected]

PRODUCTION

EVP, Sales, InformationWeek Business Technology NetworkMartha Schwartz [email protected] Director Greg [email protected] Content ManagerLes Kovach [email protected] Sales DirectorBen Riggle [email protected] Vitali Zhulkovsky [email protected]

Senior Director, EventsRobyn Duda [email protected]

Senior Event ManagerMitzi Trafton [email protected]

Senior Event ManagerJoseph Marks [email protected]

Director, Program Management, Vertical MarketsMichelle Somers [email protected]

Business ManagerJoe Donnelly [email protected]

INFORMATIONWEEK FINANCIAL SERVICESTechWeb CEO

Tony L. Uphoff [email protected]

UNITED BUSINESS MEDIA

SVP, Strategic Development andBusiness Administration

Pat Nohilly

SVP, ManufacturingMarie Myers

UBM TECHWEBCEO Tony L. Uphoff

Chief Content Officer andEditor-in-Chief, TechWeb.comDavid Berlind

Chief Information OfficerDavid Michael

Chief Financial OfficerJohn Dennehy

Chief Marketing OfficerScott Vaughan

EVP, InformationWeek Business Technology NetworkEd Grossman

EVP, Sales, InformationWeek Business Technology NetworkMartha Schwartz

EVP, Group General Manager, UBM TechWeb Events NetworkLenny Heymann

EVP, Sales, UBM TechWeb Events NetworkMarco Pardi

EVP, UBM TechWeb Light Reading Communications Group Joseph Braue

EVP, UBM TechWeb Game Network Simon Carless

EVP, Event Operations & Services Lori Silva

SVP, People and CultureBeth Rivera

VP, Editorial Director, InformationWeekBusiness Technology NetworkFritz Nelson

VP, Audience MarketingDan Melore

VP, Brand and ProductDevelopment, InformationWeek Business Technology NetworkJohn Ecke

VP, Performance Marketing and AnalyticsThomas Smith

VP, InformationWeek ReportsArt Wittman

HE RECENT NEWS that credit card proces-sor Global Payments suffered a massivedata breach has banks on high alert. Initialreports indicated that 10 million MasterCardand Visa accounts could have been com-promised, but Global Payments said in earlyApril that the “unauthorized access to itsprocessing system,” which occurred in early

March, affected no more than 1.5 million card accounts.According to Atlanta-based Global Payments, the affected

portion of its processing system appears to be confined toNorth America and to Track 2 card data — which includesaccount numbers. Cardholder names, addresses and SocialSecurity numbers were not compromised, the company said.

While this particular attack was not directed at a bank itself,it is part of an alarming trend of cyber attacks targeting third-party entities that store financial account data, and expertssay banks can learn from this and similar breaches. Notingthat “Financial institutions tend to have extremely robustnetwork intrusion security,” Ben Knieff, senior director, headof fraud product management, for New York-based securityvendor NICE Actimize, says fewer and fewer attacks are directlyperpetrated against financial institutions, with fraudsters insteadtargeting third parties that are perceived to have less-stringentsecurity measures. Cybercrime, such as the Global Paymentsbreach and last year’s breach of the Sony PlayStation onlinenetwork, he adds, “is certainly not something confined to thetraditional financial services ecosystem.”

As a result, banks have made a concertedeffort to work with vendor partners to stemattacks, according to Knieff. “Financial insti-tutions have gotten very good at extendingtheir controls and protections to vendorsand auditing them,” he says. But, “In theU.S. in particular, the chain of payments issubstantially more complex and there aremore parties involved,” creating additional vulnerabilities.

And though banks and their partners have become moresophisticated in repelling attacks, criminals in turn have becomemore sophisticated, says Mike Urban, director of financialcrime solutions at Fiserv (Brookfield, Wis.). “All of these organ-izations are getting hit by attacks constantly, and most arerepelled,” he says. “But every day there are automated attacks

criminals have going out just pinging to see where a weaknessis or if a defense mechanism has adjusted or changed.”

Meanwhile, merchants — especially small businesses — mayrepresent the weakest link in the security chain, notes Urban.For this reason, he says, most financial institutions deploy“around-the-clock” monitoring for potential point-of-sale fraud,and they often are successful using data analytics to identifyrisky transactions. “They have people constantly monitoringand identifying any kind of breach so they can take action onthose accounts as quickly as possible,” Urban reports. “But,” headmits, “it’s sort of like trying to find a needle in a haystack.”

IS EMV THE SOLUTION? Both Urban and NICE Actimize’s Knieff agree that point-of-sale fraud and cases in which criminals make counterfeit cardsfrom stolen information could be nearly eliminated if or whenthe U.S. adopts EMV-based cards and terminals. EMV, the globaltechnology standard for credit and debit card payments namedafter its original developers — Europay, MasterCard and Visa— features cards with embedded microprocessor chips thatstore and protect encrypted account user data.

According to Knieff, after the U.K. adopted EMV cards,there was an “incredibly dramatic reduction” in POS fraudthere. “EMV is inherently more secure,” he asserts.

Both Visa (San Francisco) and MasterCard (Purchase, N.Y.)announced separate road maps to widespread EMV adoptionin the U.S. by 2015. Knieff acknowledges that the costs to card

issuers and merchants may be a hindrance to adoption, but inthe long run, he insists, business will be better off.

“Some people say the ROI from a common-good perspectivecould be 12 to 18 months or as high as five to eight years,” hesays. “But even on the high side, five to eight years is reallynot all that bad considering we’d be making a massive changeto our payments infrastructure.” ■

Third-Party VulnerabilitiesWith yet another high-profile attack against a third party, banks are

reminded that data security vigilance extends beyond their own firewalls.

DATA BREACHES

T

“[Cybercrime] is certainly not some-thing confined to the traditionalfinancial services ecosystem.”BEN KNIEFFNICE Actimize


BY BRYAN YURCAN

NSTANCES OF BUSINESS-TO-BUSINESSpayments fraud decreased slightly in 2011,according to research conducted by theAssociation of Financial Professionals

(afponline.org) and sponsored by J.P. Morgan.But it still remains a legitimate concern for busi-nesses and financial institutions.

The AFP has conducted the survey, whichexamines the nature and frequency of fraudulentattacks on business-to-business payments, everyyear since 2005. While two-thirds (66 percent) ofthe companies that took part in the most recentsurvey reported being the victims of B2B paymentsfraud in 2011, that figure is down 7 percentagepoints from 2009 and is 5 percentage points lessthan was reported in 2010.

Further, three-quarters of organizations thatwere subjected to at least one B2B paymentsfraud attempt in 2011 did not suffer actual lossesfrom fraud. This is largely due to effective frauddetection and controls, according to the Bethesda,Md.-based AFP.

The trends weren’t all positive, however. The2011 fraud figure is 11 points higher than in 2005(which reflected activity in 2004), the first yearthe survey was conducted. And while overallinstances of fraud showed a decline, 28 percentof respondents to the current survey did reportseeing increased B2B fraud activity in 2011 compared to 2010.

BIG TARGETSAccording to the survey, large institutions weresignificantly more likely to have experiencedB2B payments fraud than were smaller organi-zations. Eighty-one percent of organizations withannual revenues greater than $1 billion werevictims of payments fraud in 2011 compared to55 percent of organizations with annual revenuesof less than $1 billion. Meanwhile, organizationsthat make and receive a vast majority of theirpayments within the U.S. were more likely thanthose booking a majority of non-U.S. transactionsto have seen an increase in B2B payments fraudduring 2011 compared to 2010.

Checks continued to be the dominant payment

form targeted by fraudsters, with 85 percent ofaffected organizations reporting that their checkswere targeted. Fourteen percent of organizationsthat were the victims of at least one attempt ofcheck fraud during 2011 suffered a financial lossresulting from such fraud, the survey revealed.

Among other types of commercial paymentsfraud in 2011, 23 percent of respondents said theywere victims of ACH debit fraud, 20 percent said corporate or commercial cards were the subjectof attack, and 12 percent reported consumer creditor debit card fraud. Attacks on wire transfers and

on ACH credits each were reported by 5 percentof participants. Among organizations that didsuffer a financial loss resulting from B2B paymentsfraud in 2011, the average loss amount was $19,200.

“As payment options proliferate, so, too, donew twists on fraudsters’ schemes and techniques,”wrote Stephen Markwell, product executive atJPMorgan Chase (New York), in an introductionto the survey results. “Checks continue to leadas the payment type most attacked, even as theiruse dramatically declines. But as paper gives wayto plastic, Internet and mobile payments accelerate,and the globalization of business continues togrow, the need for new security models becomesever more important.”

Most business-to-business payments fraudattempts involve relatively small amounts ofmoney, according to the AFP survey. For 58 percentof organizations that actually experienced B2Bpayments fraud in 2011, the potential loss thatcould have resulted — or the actual resulting loss— from any single incident was less than $25,000.For 30 percent of organizations, the potential losswas between $25,000 and $249,000, while thepotential loss was at least $250,000 for only 12percent of organizations. ■

COMMERCIAL PAYMENTS FRAUD

I

The good news is, business-to-business payments fraud was down slightly in 2011. The badnews? As payment options proliferate, threats are evolving, requiring new security models.

The Evolving Fraud Threat

81 percent of organizations with annual revenuesgreater than $1 billion were victims ofpayments fraud in 2011.


BY BRYAN YURCAN

S TABLET COMPUTERS proliferate, banks continueto race to keep up with new tablet banking options.In March, both Charlotte, N.C.-based Bank of Americaand New York-based Citi released mobile applications

developed specifically for the Amazon Kindle Fire tablet. Theannouncements were made little more than a week apart.

The Citibank Kindle Fire Edition app features many of thesame rich graphics and interactivity that the bank’s Apple iPadapp offers, including in-depth personal financial managementtools and interactive charts, as well as access to financialeducation resources and Citi’s real-time Twitter customersupport. But while the tablet apps are similar, the bank stressesthat the new app was designed exclusively for the Kindle Fire,“with every component, graphic, touch action, button andslider customized to the tablet’s modified operating system,form factor, screen size and resolution,” according to a release.

Similarly, the new Bank of America Kindle Fire app offersthe same functionality as the bank’s iPad app, including accountoverviews, bill pay and fund transfer, and the ability to locateATMs and banking centers using GPS. And like the iPad app,the Kindle Fire app moves beyond the traditional ledger layoutto blocks and tiles that can be tapped and swiped. But theKindle Fire app’s user interface is slightly different and madeto work with the device’s unique screen size and operatingsystem, says Mark Warshawsky, senior vice president andmobile channel executive at Bank of America.

“It’s important to take the time to invest in these uniqueexperiences,” Warshawsky notes. “We don’t just port the sameapp from one device to another. It’s really about maximizingreach to customers and providing the best experience possibleon the device that they choose to use.”

ON THE CUTTING EDGETracey Weber, Citi’s managing director for consumer Internetand mobile banking in North America, says Citi is alwaysassessing new devices that are gaining traction, and the banksaw the release of the Kindle Fire as a prime opportunity toconnect with more customers. “When Amazon announced theKindle Fire and the price point it was at, it was clear that itwould be a hot item for the holidays,” she tells BS&T.

Both the Bank of America ($2.1 billion in assets) and theCiti ($1.9 billion in assets) Kindle Fire tablet apps join existingrosters of mobile app offerings from the banks that include

apps for the iPhone, iPod Touch and iPad, as well as Androidsmartphones. In addition, Bank of America offers apps forWindows and BlackBerry smartphones. Both banks say thenew releases are an integral part of a mobile and digital strategythat emphasizes accessibility and convenience for customers.

According to Citi’s Weber, tablet innovations in particularare a key part of Citi’s mobile strategy. She notes that Citi hasa small, specialized team dedicated to creating and upgradingtablet apps. “It’s a really big focus area for us moving forward,”she says. “There’s a huge opportunity to deepen our relationshipsand engagement with customers.”

At the same time at which Bank of America rolled out its KindleFire app, it also rolled out a tablet-optimized banking app forAndroid 3.0+ devices. BofA’s Warshawsky says the bank willcontinue to introduce new apps as new devices come out. “Whetherit’s new capabilities or new devices, we’re always going to investin things that make the experience better for customers,” he saysof the bank’s mobile strategy. ■

A


Citi says its tablet banking app for Amazon’s Kindle Fire isdesigned “with every component, graphic, touch action, buttonand slider customized” for the device.

TABLET BANK ING

Bank of America and Citi release apps forAmazon’s tablet, stressing that providing aunique experience on each device is a keypart of a customer-centric mobile strategy.

Kindle Fire Heats Up

BY OLIVIA LABARRE

N BANKS’ RUSH TO INTRODUCE customer-centric applications, apparently security hasbeen a victim. Software analysis companyCast Software recently released its second

annual Cast Report on Application Software Health,or CRASH, a study of the structural quality — theengineering soundness of the architecture andcoding — of business application software. Accordingto the study, which examined 745 enterprise softwareapplications in 160 organizations across industries,while most legacy core banking applications tendto be secure, the newer, customer-facing financialapps tend to have more structural flaws that couldcause operational problems, such as outages, per-formance degradation, breaches by unauthorizedusers, and data corruption.

Bill Curtis, SVP at New York-based Cast Softwareand co-author of the CRASH report, says there are anumber of reasons behind the quality disparity betweenolder, back-end applications and newer, customer-facing apps. For starters, “These large legacy applicationsusually sit on mainframes and are not exposed to theweb — it’s the exposure to the Internet that opensthe doors for hackers to come in,” he explains.

In addition, “For 30 or 40 years, the IT people atbanks have been trying to eliminate all of the securityholes in these legacy applications. They’ve really beenworking hard over a long period of time and havegotten common weaknesses out of the apps.”

The programming language used to write an application also makes a difference in its structuralsoundness, according to Curtis. Many core financialapplications, he says, have been written in the matureCobol programming language, while customer-facingapps are being written in newer languages that tendto be less secure, and they’re often built in severalcomputer languages. “While developers often knowa few languages very well, they don’t know all ofthem,” Curtis insists. “That makes it difficult to lookat the entire app to make sure it’s structurally sound.”

The integration that modern, customer-facingapps require to operate introduces yet another chal-lenge to achieving structural soundness, Curtisadds. “In the old days, we used to just build an appli-cation,” he says. “Now, that application interacts

with a lot of other applications, which continuesto create new ways to make mistakes. We’re con-stantly learning about new problems.”

REAL-WORLD ADVICEKey to avoiding and combatting these applicationproblems is continuing education, asserts Curtis. “Soft-ware engineering is a relatively new discipline,” hesays. “Computer science departments don’t teach theengineering of how to apply computer science to theapplications that run the banks. Once [students] getout into the real world, there’s an awful lot to learn.”

At the very least, warns Curtis, all developersshould be aware of the common known weaknessesthat hackers tend to exploit and avoid them whenbuilding applications — which, he says, isn’t happeningenough now. Banks can point their developers to the Common Weakness Enumeration website(cwe.mitre.org), a free resource that identifies theseknown weakness, and conduct up-front inspectionsof code against a checklist of security holes, he notes.Beyond testing and analysis of code design, Curtissays, bank IT departments also must perform a staticanalysis that looks at the entire structure of an appli-cation, as well as a dynamic analysis that runs thecode to look for performance issues.

As banks increasingly innovate in the mobile chan-nel, taking the proper steps to ensure the structuralsoundness of applications becomes more importantthan ever, Curtis emphasizes. “Security will raise itshead in new ways that are more taxing on the bankbecause of all the different ways hackers can reachthem,” he says. But mobile apps can be just as secureas other applications, he acknowledges. “I don’t thinkwe’re there today, but we can get there.” ■

1. Exposure to the Internet.

2. Newer, untested programming languages.

3. Complex integration with multiple other applications.

Source: Bill Curtis, Cast Software

3 SOURCES OF NEW-APPLICATION VULNERABILITIES

MOBILE SECUR ITY

I

The CRASH report, a study of the structural quality of applications,reveals security vulnerabilities in banks’ newer, customer-facing

applications, especially in the mobile channel.

Holes in the Armor


BY OLIVIA LABARRE

REASURY SERVICES — the broad group ofservices including cash management and liquidity, payments, payables and receivables,and trade finance that banks offer their corporate

customers — has proven to be a resilient and dynamicfoundation for bank growth that has withstood the chal-lenges of the financial crisis and resulting new regulation.But that success also has raised the stakes for banks byincreasing competition, putting pressure on pricing andprofitability, and — most important — raising the expec-tations of corporate customers for their banks to providemore transparency, interactivity and innovation.

This was the theme at the recent SWIFT OperationsForum in New York, where participants emphasized thatcollaboration and information sharing are hallmarks ofthe new corporate banking and payments environment.As Christopher M. Foskett, managing director and globalhead of sales, J.P. Morgan Treasury Services, noted duringthe conference’s opening panel discussion, “We’re lookingat banks forming new partnerships and supporting eachother in ways they haven’t.”

REALISTIC GOALSBanks need to be realistic about what customers wantfrom them — and it’s not always bells and whistles, saidAther Williams III, managing director, head of global pay-ments, global treasury solutions, Bank of America MerrillLynch. “Clients care less about channels — they want

the payment to get to where it needs to be,” he said.Accordingly, the industry needs to “rethink the infra-structure,” Williams added. “It’s straight-through but frag-mented — it’s a bit of a mess.” But while there is a needfor more standardization, that can be a double-edgedsword for banks, he noted. “A balance has to be struck.Standardization can become commoditization.”

Williams elaborated on this issue in a conversationwith BS&T after the panel session, explaining, “There’s

fragmentation in the payments infrastructure. Everycountry has its own clearing [system] and formats. Whenyou look inside each bank, even though they all run onthe same sets of ‘rails,’ the infrastructure is very different.So attempts to standardize are not easy.”

Regarding the expectations of corporate executivesfor simplicity, Williams noted: “When [a company] sendsa comprehensive payments file, [the corporate treasurer]just wants it to happen. We’re focused on providing aseamless, easy environment [that runs] outside of theU.S. as easily as in the U.S. Our job is to make it simple.”

NEXT-GEN STP?The reality is that corporates want more than simply trans-action processing proficiency and speed, although thoseattributes remain critical. However, the “next big thing” willbe about adding insight and intelligence. “The industry hasdone a great job on STP [straight-through processing].There’s still some work to do, but for the most part the vastmajority of our processing is now paperless,” noted panelistPatrick Walsh, managing director, global head, clienttechnology services, Brown Brothers Harriman & Co.

“There are new possibilities and challenges,” he added.“We see the growing complexity in our business. Are wemoving into the post-STP era? We need to define the nextgeneration of STP — STP.0, more intelligent, iSTP — beyondtransactional, more horizontal. It recognizes that the tradeor settlement is part of a larger transaction, a more intelligent

and integrated form of STP.”Yvette Bohanan, director, payments

product executive, Bank of AmericaMerrill Lynch, concurred with this fore-cast. Banks can play a role of enabling“intelligent payments and intelligentcommerce — intelligence all the wayback into the organization. That’s wherebanks have to step up. You’re not afraid

of commoditization if it helps you get to differentiation,”said Bohanan, who recently moved into Williams’ groupfrom BofA’s retail banking organization.

She pointed out that what’s most important to con-sumers regarding different banking channels is security,convenience, choice and control. Similarly, Bohananadded, on the business banking side, “You have to havethe right experiences in each channel to give corporatetreasurers a choice.” ■

TREASURY SERV ICES

T


The next big thing in the treasury services/corporate banking space will be bringing intelligence into high-value transactions, according to participants at the recent SWIFT Operations Forum.

Going Beyond STP to Intelligent Transactions

The current payments infrastructure is “straight-

through but fragmented — it’s abit of a mess.”

ATHER WILLIAMS IIIBank of America Merrill Lynch

BY KATHERINE BURGER

Always partnering

Partnering with your team to develop, implement, operate and maintain your recovery program. Offering contractually guaranteed uptime levels, all backed up by decades of experience and proven availability expertise. Always.

Managed IT Services. Recovery. Cloud. Find out more at www.sungardas.com

ManagedRecovery Program

INANCIAL INSTITUTIONS are accumulatingdata at a faster pace than ever before.Between the massive amounts of informationgenerated internally and an ever-growing

pool of unstructured data from sources such as socialmedia, banks’ data management and storage capabilitiesare being tested. But relief may come in the form ofsemantic databases, which could be the next evolutionin how banks manage big data, says David Saul, chiefscientist for Boston-based State Street Corp. ($2trillion in assets under management).

Given their ability to analyze relationships, semanticdatabases are particularly well-suited for the financialservices industry, according to Saul. “Our most important

asset is the data we own and the data we act as a cus-todian for,” he says. “A lot of what we do for our cus-tomers, and what they do with the information wedeliver to them, is aggregate data from different sourcesand correlate it to make better business decisions.”

Semantic databases are based on the same tech-nology “that all of us use on the world wide web,”Saul adds. “That’s the concept of being able to hyperlinkfrom one location to another location. Semantic tech-nology does the same thing for linking data.”

The semantic data model associates a meaningwith each piece of data to allow for better evaluationand analysis, Saul explains. For example, a typicaldata field might contain a customer’s name —semantic technology knows where that piece ofinformation resides, both in the database and amongunstructured data, he says.

As a result, a financial institution can use thesemantic technology to create a report or dashboard

that shows all of its interactions with that customer.“The way it’s done now, you have to write data extractprograms and create a repository,” Saul says. “There’sa lot of [time-intensive] translation that’s required.”

EASING THE REGULATORY BURDENSemantic databases also can be greatly beneficial forbanks in conducting risk calculations for regulatoryrequirements, according to Saul. “That is somethingregulators are constantly looking for us to do — theywant to know what our total exposure is to a particularcustomer or geographic area,” he says. “That requiresquite a bit of development effort, which equals timeand money. With semantic technology, once you describethe data sources, you can do that very, very quickly.You don’t have to write new extract programs.”

The technology to run semantic databases isbased on standards developed by the World WideWeb Consortium (www.w3.org), Saul relates. Andwhile not widely used in financial services, semanticdata models are prevalent in fields such as healthcareand academia, he notes, adding that State Street is“in the early stages” of implementing semantic data-bases on a limited basis.

“With any new technology, clearly you want tomake sure this is based on a very solid foundation,”Saul says. “The tools in order to do this are only justnow becoming available. Our plan is to prove thisout internally and then work with our customers.”

Fortunately, semantic databases can be imple-mented incrementally, Saul points out. “You can startout with two databases, describe them semanticallyand put them together, and then later add the third,fourth and fifth,” he says.

Installing semantic databases, however, “doeshave a cost associated with it,” Saul cautions, andthey do take up more storage than traditional databases.But as banks continue to try to aggregate data froman ever-growing number of sources, Saul believessemantic data models will become the best optionfor corralling big data going forward. “As you get intothe big data space, and now you’re looking at moreand more data, you need new tools,” he says. ■

F

SEMANTIC DATABASES

Corralling Big DataSemantic databases are the next frontier in managing big data,

says State Street’s David Saul. But the technology to create them is new, and banks must ensure they are built on a solid foundation.


“Our most important asset isthe data we own.”

DAVID SAULState Street Corp.

BY BRYAN YURCAN

ANY ORGANIZATIONS across indus-tries have begun to rely on socialmedia to gain a competitive edge.Banks, however, have been slower

to leverage the proliferating medium; 60 percent ofretail banks still consider themselves social medianovices, according to a recent Accenture retail bankingsurvey. Part of the reason that the banking industryhas been a cautious adopter of social media is its manyregulatory requirements. But it is possible to successfullyleverage social media and also maintain compliance by followingguidance from the Financial Industry Regulatory Authority.

In early 2010, FINRA released its first social mediaguidance, Regulatory Notice 10-06, to help financial organ-izations use social media. Further clarification was providedin August 2011 with Regulatory Notice 11-39. Together, thesenotices provide the framework for regulated firms to maintaincompliance while engaging in social media.

The first step to maintaining compliance with the FINRAguidelines while engaging in social media is to understandthe five main areas in which they provide guidance:

1. RECORDKEEPING. All social media activities must berecorded in compliance with record-retention guidelines. Firmscannot delete, and must archive, all social media activities.

2. SUITABILITY RESPONSIBILITIES. Social mediacommunications that include recommendations of any typemust follow NASD Rule 2310. This means that firms cannotmake promises through social media that they could notmake via traditional communication methods.

3. TYPES OF INTERACTIVE ELECTRONIC FORUMS.Static social media content requires principal approval;interactive social media content does not. This means thatwhile static social media content, including profiles andadvertising, does require the approval of the firm’s registeredprincipal, real-time social media communications do not.

4. SUPERVISION OF SOCIAL MEDIA SITES. Firmsare required to supervise interactive communication on socialmedia sites and adopt policies to stay in compliance. Companiesare responsible for making sure any social media communicationsmade through their accounts, no matter which employee poststhem, remain in compliance with FINRA guidelines.

5. THIRD-PARTY POSTS. Social media posts from thirdparties are not considered communications from a firmunless the firm has endorsed or is involved in the preparationof the content. Firms are not responsible for what otherssay or claim about their products and services unless they

actively involve themselves with the content.The next step in maintaining compliance with

FINRA guidelines is to implement a comprehensivesocial media policy. An effective policy must put acomplete system in place to allow effective, real-time communication via social media and alsoensure that all employees understand how to stayin compliance with regulations. But what should

this policy include to make sure an institution maintainscompliance with FINRA social media guidelines?

Start by making sure the institution meets the record-keeping responsibilities required by FINRA. A system mustbe in place to archive and maintain records of social mediacommunication for the required period of time. Systemsthat automatically delete or remove social media contentare not permitted under FINRA guidelines and should beprohibited in the policy.

In order to meet thesuitability requirementsof FINRA, banks shouldimplement a reviewprocess for all authoredpolicy content. Theyshould also make sure thepolicy includes reviewand approval from a registered principal for all static content,such as Twitter bios or Facebook profiles, and make sure itclearly defines the roles of each individual in a firm. Forposted content, the system should allow certain users to beauthors and others to be reviewers, and designate a user toapprove final content for posting. To prevent breaches, noindividual should be both an author and approver.

Finally, the social media policy should include a processto control responses to third-party messages in the samefashion as internally created content. This will help ensurethat you don’t accidentally endorse content that violatesFINRA policies and that you don’t put your firm in jeopardy.By making sure they have a complete and thorough socialmedia policy and management system in place and byproperly training employees, banks can start to realize thevalue of social media immediately without violating FINRA’scompliance requirements. ■

Scott Oppliger is CEO of SocialVolt, an enterprise social

media management platform. For complete information on

FINRA requirements, visit FINRA’s website, www.finra.org.

M

60 percent ofretail banks stillconsider them-selves socialmedia novices.

SOC IAL MED IA


Social OrderBecause of the industry’s many regulations, banks have been cautious to adopt social media.SocialVolt’s Scott Oppliger offers a guide to creating a FINRA-friendly social media plan.

“A major sea change has occurred in the past two or threeyears” regarding BYOD initiatives at financial institutions, saysGary Curtis, chief technology strategist at New York-basedconsulting and technology services firm Accenture. “Ratherthan having an initial reaction of, ‘How many problems is thisgoing to cause?’ CIOs are now saying, ‘How do we make thiswork without putting the company at risk?’ There’s no longera question of whether they should make it work — it is happeningin just about every major financial institution.”

Bank of America ($2.13 trillion in total assets) is among

the institutions that are embracing consumerization in theworkforce, reports Cathy Bessant, head of global technologyand operations at the Charlotte, N.C.-based bank. Noting thatconsumerization will continue to pervade the culture of financialinstitutions, she says Bank of America is “moving increasinglytoward” bring your own device. Bessant explains that whilemany BofA employees already use their own tech devices forwork purposes, an official BYOD policy has not been institutedacross the entire organization, yet.

But, “It’s not all or nothing,” Bessant notes. “BYOD is some-


B R I N G YO U R OWN D EVI C E

User-friendly consumer devices such as Apple’s iPad increasingly are infiltrating the enterprise and transforming workforce expectations. Despite

security concerns, employee demands and the productivity gains powered bybring-your-own-device initiatives are forcing banks to embrace BYOD.

LTHOUGH THE CONSUMERIZATION and bring-your-own-device, or BYOD, trends aren’t new concepts,

a shift has occurred recently in how banks are approaching them. While CIOs and other bank executives

remain wary of security issues surrounding the use of employee-owned mobile devices for work, they’re

increasingly embracing consumer IT within the enterprise as an opportunity to drive efficiency and

innovation, as well as to increase employee (and customer) satisfaction.A

UNDERPRESSURE

BY OLIVIA LABARREPHOTOGRAPH BY SCOTT STILES

“It’s the storage thatcreates the bulk ofthe risk in a mobileenvironment,” says

Cathy Bessant, Headof Global Technology

and Operations atBank of America.

thing our associates have been asking for and is a huge positive.We’re moving strongly in that direction.”

BYOD programs aren’t limited to large banks, adds Ross Feld-man, chief technology officer for U.S. financial services at PaloAlto, Calif.-based HP. “We’re seeing innovation in these areasfrom the community banks and credit unions, not just the multi-national powerhouses,” he reports. In fact, Feldman adds, somesmaller financial institutions are farther along in their BYODimplementations than bigger banks because the implementations

are occuring on a smaller scale relative to market size.Needham, Mass.-based Needham Bank (about $1.2 billion

in assets) and Ogden, Utah-based America First Credit Union($5 billion in assets), for example, have proven to be innovativeleaders in the BYOD field. Both institutions began by issuingApple iPads to some employees, then eventually changed theirpolicies to allow employees who didn’t qualify to receive oneof those devices to bring in their own.

WORKFORCE RELEVANCE So what’s driving the recent shift among CIOs toward theacceptance of consumer devices and BYOD in the enterprise?Accenture’s Curtis says the trend largely is due to pressurecoming from two directions — the Millennials, the young,tech-savvy generation moving in as new employees; andexisting senior executives.

When the pressure to adopt new devices and BYOD comesfrom an existing senior executive, says Curtis, it’s often becausethat executive’s child or grandchild introduces him or her toa device such as the iPad. “The next day the executive comesin to work and calls the CIO and asks, ‘When can I have whatI need on this type of device?’ ” Curtis relates. “I can’t tell youthe number of cases where I’ve personally heard fromthe CIO that that’s how it happened.”

Curtis also points to recent research by Accentureon the Millennial generation’s use of technology.“One of the key messages we received from themwas that being able to use their own devices andapplications with which they’re already familiarwas a major factor in their choice of where to work,”he says. “And it will become an even greater factor.”

In fact, a bank can’t be assured of hiring the righttech-savvy talent without considering BYOD, Curtis asserts.“They don’t want to know a world without their own devices,even at work,” he says.

According to Thayne Shaffer, VP of finance at AmericaFirst, the credit union’s use of iPads and its BYOD policy“keep us competitive as an employer. It makes us current andmore appealing than we otherwise would be.” Although anoperational decision related to tax reporting started the BYOD

ball rolling within America First, Shaffer continues, theinstitution also wanted to make sure it stayed relevant withthe workforce by keeping up with current technology andnot limiting its employees too much in that area.

James Gordon, VP of IT at Needham Bank, says that whileno one has cited BYOD as a reason for seeking employment atthe bank, current employees have expressed gratitude for theprogram. “I’ve had more than one employee tell me how thankfulthey are and how much more in-tune with work and responsive

they can be because they are able to usetheir own devices at work,” he comments.

HP’s Feldman stresses that banks should-n’t forget that employees also are customers.Allowing employees to use the latest con-sumer devices and applications for work,and asking them for feedback, can provideinstitutions with valuable insight into cus-tomer needs and wants, he says. “That

insight enables institutions to deliver advanced tools faster,”Feldman insists. “That’s true innovation.”

CONFRONTING SECURITY CONCERNSWhile BYOD offers major benefits, security remains a topconcern for financial IT executives. Thankfully, Accenture’sCurtis notes, manufacturers are helping by increasinglyequipping consumer devices with enterprise-level securityfeatures that meet many CIOs’ requirements. Those requirementsgenerally include passwords for access, the ability to remotelywipe out data if the device is lost or stolen, and the ability tostore encrypted data, he says.

Needham Bank implemented Mountain View, Calif.-basedMobileIron’s mobile device management solution to moreeasily update and maintain the security of the 56 devices issuedby the bank, according to Needham’s Gordon. For employee-owned devices, he says, the bank enforces policies mandatingthat the firmware be kept up to date.

CIOs need to constantly evaluate their security solutions,especially for mobile devices, Gordon adds. “What people didfor fraud and risk prevention five years ago certainly doesn’twork today,” he says. “If you have the ability to take advantage

of certain security features within an operating system,then you should. You need to take a look at the new

features as they’re made available and do riskassessments on them.”

At Bank of America, employees who use theirown technology for work purposes must installa firewall on the devices that separates access to

personal and company information, BofA’s Bessantreports. She says the bank has been supporting

remote working environments for some of its employees“for years,” so the company has the know-how from a techperspective to secure remote devices.

But, Bessant acknowledges, there’s more to securing smart-phones and tablets than securing laptops or desktop comput-ers. “Mobile devices are more difficult to secure; there’s a dif-ference between a dispersed working environment and a mobileworking environment,” she says. “Essentially, it’s the storagethat creates the bulk of the risk in a mobile environment. Fraud



“If you have the ability to takeadvantage of certain security features within an operating

system, then you should.”JAMES GORDON

Needham Bank

WIRELESS ATM

MOBILE BRANCH

MOBILE BANKING & PAYMENTS

BUSINESS CONTINUITY

SECURITY & SURVEILLANCE

VERIZON HAS THE EXPERIENCE, NETWORK AND STRATEGIC ALLIANCES TO HELP YOU MAKE A DIFFERENCE FOR YOUR BUSINESS.

Start making a difference for your business.Visit: verizonwireless.com/finance

Verizon enables innovative Advanced Communications solutions, including Mobile Banking and Payments, to simplify transactions while giving your customers greater access to the banking services they rely on. Verizon technology can help you provide increased fl exibility and convenience for your customers, which can lead to greater satisfaction and loyalty. With a full suite of fi nance solutions and the security and reliability of America’s largest 4G LTE network, Verizon helps your offi ce run more effi ciently than ever before.

VERIZON SOLUTIONS FOR FINANCE

4G LTE is available in more than 200 cities in the U. S. Network details & coverage maps at vzw.com. © 2012 Verizon Wireless.

is always a potential problem. I believewe will evolve toward the ability ofdevices to use data but not store it.”

Implementing a cloud-based archi-tecture can mitigate the risk of storingsensitive data on mobile devices, accord-

ing to Accenture’s Curtis. “In the pastcouple of years mechanisms have been

evolving so that data can be stored in an off-site, fully encrypted cloud environment, and you can obtain itwith a password,” he says. In terms of security, Curtis notes,cloud providers’ systems are “probably more secure than mostlarge-scale financial institutions.” He adds that storing data inthe cloud also saves an employee’s personal data if the deviceneeds to be wiped remotely.

At the end of the day, Curtis says, there’s a lot of individualresponsibility left in the equation for employees who use anydevice that has access to secure data inside a company. “Explainingwhat those responsibilities are and why they’re there is crucial,especially with the kinds of threats that are out there thesedays,” he asserts. “Laying that out in a sensible, common-

language way is a challenge to companies, although they’rewaking up and starting to do a better job at that and selling thepolicies to employees rather than just making them sign a paper.”

Many in the financial industry finally are beginning to agreethat the benefits of allowing employees to use consumer devicessuch as tablets and smartphones — whether they’re owned bythe company or the employee — outweigh the added securityconsiderations. “There’s work to do to enable access to newdevices,” says Curtis. “But there’s a big payoff in risk controland information quality and convenience for employees.”

THE ADVENT OF ‘APPIFICATION’ Needham Bank has seen increased productivity all the wayfrom support staff to top executives since issuing iPhones andiPads to some employees and allowing others to use their owndevices, reports the bank’s Gordon. The “appified” approachthat these devices facilitate, he says, has changed the wayspeople work. “This approach relates back to specific job functionsas opposed to the Microsoft Word days, when people said youhad to have Word,” he explains. “When people talk about mobileapps, they’re usually related to a specific function.”

According to America First’s Shaffer, “If we sat everybodyaround the table, they’d show us they have their own littleapps that help them with their jobs — there’s no questionabout that. Employees don’t necessarily just use corporateapps for work; they go out and download their own apps, justlike they would at home.”

Corporate apps aimed at enterprise productivity, however,also are making differences at America First. Shaffer pointsto San Diego-based MeLLmo’s Roambi, an iPhone and iPadapp that compiles data and transforms it into interactive visu-alizations. Board members and credit union executives, hesays, now access data such as financial and risk reports usingthe app. Previously, the IT department had to run reports thatwere then delivered through piles of printed paper or PDFs.Now, information funnels from a Microsoft (Redmond, Wash.)SharePoint portal to the Roambi app. Employees only need totap the Roambi icon and in seconds they’re seeing importantdata represented in interactive charts, Shaffer says.

“That convenience of getting to the data has changed a lotof the conversations and meetings in our organization. Before,someone would bring a chart, someone else would bringanother one, and we’d argue about which chart was right, andwe didn’t make a decision,” Shaffer continues. “Now all ofthis data is coming through one source, and everybody hasthe same information at their fingertips. If you want a metric,it’s in Roambi — you don’t have to go any other place to findit. Our deliberations, decision making and pricing discussionsare much more efficient.”

Moving forward, Accenture’s Curtis predicts, innovationsspurred by consumerization and BYOD will become more common -place in bank IT organizations. “If you push the clock forward afew years, you’re going to see a whole different class of devicesin the hands of employees of major banks — there’s going to bea lot more mobility in different forms, very powerful apps and alot of transactional capability,” he says. “Sure, the infrastructureand security requirements will have to be solved; but they willbe solved, because this is what consumers want.” ■



Any bring-your-own-device initiativecomes with new IT complications.Even for something as straightforward as an iPad, you’re now dealing withthree hardware versions and an infinite number of iOS versions thatmay or may not be compatible withthe software at the bank, such as thebank’s mortgage loan origination system (LOS). Below are threeconsiderations you don’t want tomiss before implementing a BYODinitiative at your institution.

1. Ensure your team hasthe skills necessary for a BYOD implementation. Given the variety of devices and operating systems, programming lan-guages and tools, surrounding software, instances of integration,and database and hardware platforms, it is highly unlikely that thenecessary skills for BYOD will be found in an individual or two.

2. Calculate the start-up costs to build the BYOD certification capability and the fixed costs to operate it.Approving a new device entails certifying that the device hard-ware and software operates as planned with the bank’s LOS and other systems. Certification of the device will require staff, hardware, software and other tools — sometimes labeled a “lab.” Personnel costs, fixed hardware, software and other costs tooperate the lab for BYOD deployments add up. Leveling thesecosts can be accomplished by spreading them across multipleBYOD implementations as well as business-as-usual work (duringslow times), but this takes careful planning and coordination.

3. If sourcing the BYOD certification work externally,be sure to establish clear standards with the selectedvendor. This approach could help mitigate fixed costs andunique skill considerations. However, an emphasis on settingstandards will help meet business expectations and minimize certification surprises. —Tom Mataconis, VP, Consulting, Carlisle& Gallagher Consulting Group

3 CRITICAL CONSIDERATIONS FOR BYOD

Banks must focus on BYODskills, says Carlisle &Gallagher’s Tom Mataconis.

Subscribe Today!Just answer a few simple questions and you’re set forthe year. To get started, visitget.banktech.com

…and it’s

FREE!

Exclusive Digital IssuesBank Systems & Technology

Digital Editions delivered to your inbox.

BS&T Daily The best of Bank Systems &

Technology News

The Bank Systems & Technology Digital Subscription Package:

Premium Industry ReportsUnlimited access to

InformationWeek Reports

Bank Systems & Technology direct to your inbox…


S O C IAL M E D IA

OCIAL MEDIA has revolutionized theways companies engage with their cus-tomers. Facebook, Twitter and the count-less other social networking sites provide

all businesses, perhaps especially banks, a uniqueopportunity to listen to what consumers are sayingabout their brands — and to respond almost imme-diately. But among other social media pitfalls,financial institutions must be careful not to try tocontrol the conversation and censor those who levelcriticism toward them, as social media missteps canlead to PR disasters.

Banks, however, may be a little too cautious inapproaching social media, often failing to embracethe full benefits, says Steve Ellis, a partner with New

York-based research and consulting firm Change Sciences Group. According to the firm’s recent reporton banks’ use of social media, too many banks merelyhave “placeholder” presences on social media sites,or they have set up auto responses to customer queriesrather than have staff answer them personally.

This is a grave misstep, says Ellis, because a bankcan use social media to completely reinvent its brand,especially important given the poor public perceptionof financial institutions embodied in movements suchas Bank Transfer Day and Occupy Wall Street. “Therehas to be a top-down, concerted effort in financialinstitutions to approach social media as just anotherchannel through which they can interact with cus-tomers,” Ellis says. “Social media is just as important

as the branch and call center channels, and in manyways more important since it’s so public.”

It’s exactly because of that very public nature ofsocial media that banks must get it right, says CathyBessant, global head of technology and operationsfor Charlotte, N.C.-based Bank of America. Socialmedia and technology “have given the consumer anincredible voice, and the ability to communicatedirectly with a CEO or board of directors,” she adds.

“When there’s a teller or other human interfacewith the customer, often they can navigate a systemissue so that the customer is never even aware of aproblem. With e-channels, the customer impact isimmediate,” Bessant continues. “There’s no way tocorrect a problem before the customer sees and

experiences it. We have to get itright the first time.

“There’s tons of opportunity,for both the banks and the cus-tomers,” she adds. “The only question is how to harness it.”

Change Sciences’ Ellis believesthe best way for banks to harnesssocial media is to “create and

engage in social media communities and help thebank solidify its image of being a trusted financialpartner.” Sharing helpful information — a personalfinancial management tool or a tip on how to bettersave money — is a simple example, he says.

CROWDSOURCING PRODUCT DESIGNBut Ellis recommends banks go further, actuallyopening up their products to online user reviews,though he acknowledges most financial institutionsare not inclined to do this. “Most banks don’t wantto open themselves up to that,” he says. “There’s areal fear there, and it shouldn’t be that way.”

Of course, there are exceptions, Ellis notes. AllyBank, a subsidiary of Ally Financial ($185 billion in

DON’T BE AFRAID OF SOCIAL MEDIA

SBY BRYAN YURCAN

@B RYANYU R CAN

Banks ignore social media at their own risk. But effectively taking advantage of the ever-growing channel requires true engagement and authenticity.

“Social media is just as important as the branch and

call center channels.”STEVE ELLIS

Change Sciences Group


total assets) in Detroit, for example,created a temporary Facebook presencecalled “Ally Idea Share” that asks con-sumers for thoughts on how to makecertain banking products better. And Barclaycard US, the American paymentsarm of London-based Barclays (US$2.5 trillionin assets), made news in March when it announcedthat it was releasing a credit card designed and builtusing community crowdsourcing.

Dubbed the Barclaycard Ring, the MasterCard-affiliated product, which debuted in April, is Barclays’first foray into the U.S. card market. Barclays collectedinformation about which features the card shouldhave via Twitter, Facebook and Google+, in additionto through its own dedicated website.

According to Paul Wilmore, managing director ofconsumer markets for Barclaycard US, the bank willbe engaged with this online community of card mem-bers well beyond the initial stages of product design.Cardholders of the Barclaycard Ring, he says, willbe akin to shareholders, and they will be able to weighin on future matters relating to the card. For example,Wilmore notes, the card has an introductory APR of8 percent — if card members were to raise concernsabout late fees, they could vote to reduce late feesbut increase the APR slightly.

Cardholders can vote on funding loans, Wilmoreadds, and extra profit the company makes above acertain threshold will be shared back with the com-munity, in forms such as money back to individualmembers or donations to a char-itable cause of the community’schoice. Members also will haveaccess to the card’s financialprofit-and-loss statements.

The pilot community was ini-tially opened to a few thousandcardholders by private invitation,according to Wilmore. “We want-ed to change the dialogue with the consumer andbe honest and open in everything we do,” he says.

According to Wilmore, three main factors droveBarclays to create these “online financial communities.”One, “America’s trust in banks is at an all-time low,”and Barclays wants to try to counter that perceptionby getting its customers more involved in the deci-sion-making process. Two, he says, the new regulatoryenvironment requires financial institutions to bemore open and transparent. And three, the explosionof social media and sites such as Groupon and LivingSocial are “literally redefining how products aremade and how they are priced.”

Wilmore adds that once the decision to createthese online communities was made, the bank partneredwith Emeryville, Calif.-based community softwareand social media marketing company Lithium to helpcreate them. “We know how to do credit cards —

that’s in our wheelhouse,” he adds. “Thecommunity side of it is something new.”

Wilmore notes that the fact that Barclays is a relatively unknown brandin the United States will play to its advan-

tage in launching the new card. “This isa very, very clean brand that is known for

doing innovative things,” he says.

TWITTER DEALSAmerican Express ($152 billion in assets) also istrying to capitalize on the popularity of social mediaand so-called “daily deals” websites. The cardcompany teamed with Twitter in March on a programin which cardholders can synchronize their cardswith their Twitter accounts. When they tweet usingcustomized hashtags, couponless deals are loadeddirectly onto their cards.

“We know that many of our cardmembers andmerchant partners are already actively engaged inTwitter, and we wanted to create a way to help themget more out of the platform,” says Bradley Minor,vice president of social media communications atAmerican Express (New York). According to Minor,the program is powered by the company’s SmartOffer set of APIs. Amex earlier this year utilizedthese APIs to run couponless deal promotions withFacebook and Foursquare.

“No more showing your phone to a cashier toreceive a discount,” Minor says. “No more wonderingif that offer your business served up in an application

actually delivered increased business. It’s theequivalent of embedding a coupon in your card. Indigital, and especially mobile, this user simplicityand non-clunkiness is key.”

American Express created a specialized Twitterhandle, @amexsync, that serves as an automatednotification system when someone sends a tweetthat includes one of the special-offer hashtags, Minorexplains. This handle detects if a user’s card is alreadysynced and either confirms offer enrollment or providesthe cardholder with a link to first sync the card.

Change Sciences’ Ellis notes that ultimately,whether a bank is successful using social media topromote its brand comes down to authenticity. Butmore banks than ever before are coming to the real-ization that social media is not going away, he says.“It’s fair to say,” Ellis adds, “banks on the whole aretaking this more seriously.” ■

“We wanted to change the dialoguewith the consumer and be honestand open in everything we do.”PAUL WILMOREBarclaycard US


TH E R ETAI L E X P E R I E N C E

E X T Y E A R , chi ldren born whenAmazon.com sold its first book online —in July 1995 — will turn 18, possibly strikingout on their own for the first time to get

a credit card, open a checking account or secure anauto loan. Those consumers will have grown up in aworld defined by e-commerce — their ability to instantlypurchase products and services has been limited onlyby their imaginations (and their wallets). Like a newsong? One click on iTunes and it’s yours in 30 seconds.A friend at school has a cool pair of new shoes? Zapposcan deliver your own pair in 24 hours.

Feel old yet? Well, you can’t afford to if you’rein financial services. Within the banking enterprise,the business, technology, marketing, distribution,human resources and even compliance departmentsmust work together to create and deliver productsthat meet consumers’ evolving needs andreal-time expectations.

“Retailers tend to put a lot of focuson the customer and tailor their deliveryplans and development plans to thatend,” says Theresa Wilson, CIO, con-sumer lending, for San Francisco-basedWells Fargo ($1.3 trillion in assets). “Weapproach meeting our customers’ expec-tations with the same thought process.”

Though speed is of the essence, there are a numberof other lessons financial services companies canlearn from the ways retailers have adapted to thenew consumer paradigm, adds Neff Hudson, assistantVP of emerging channels at San Antonio-based USAA(approximately $19 billion in revenue). “Consumers’expectations are being set by the smartphones intheir pockets and the tech companies that they’redoing business with, all of which operate at a very

different speed than anything the financial servicesindustry does,” he says. “When you think about what’shappened to retail because of commoditization andprice transparency, they have to get really good aboutgetting people into stores, and they’ve been very for-ward-leaning in terms of marketing, use of data, part-nerships in unusual places and cost-efficiency.”

USAA has viewed Amazon as a role model for “threeto four years,” according to Hudson, who says the inte-grated financial services provider is especially impressedwith Amazon’s use of predictive analytics to offerproduct recommendations. People like easy-to-under-stand comparisons, he adds, and there’s a lot of oppor-tunity to do that at his company, which providesbanking, insurance and investment products to militarypersonnel and their families. “For example: ‘Peoplelike you need life [insurance],’ ‘People like you need

this much comprehensive coverage,’ ‘Have youconsidered umbrella insurance — because

people with your asset class tend to use it.’ ”But when it comes to cross-selling

USAA financial products to the company’sbanking and insurance customers, theregulatory framework is not always so

simple. USAA is required to disclose, storeand secure very specific information for its

investment sales, for example. This means USAAhas to be very careful about sharing informationamong business units, Hudson says. “Sometimeswe get intimidated by regulations and followingprocess and procedures, and we forget that whatpeople really want is advice,” he acknowledges.

There’s also the matter of customer loyalty, Hudsonsays — specifically, not taking it for granted. “We can’tassume we have a trusted relationship with everyproduct — you may trust us with auto insurance, but

RETAIL EXPERIENCEWANTED

NBY NATHAN GOLIA

INSURANCE & TECHNOLOGY

Tech consumerization has fundamentally changed the customer experience. Online retailers have led the way in providing the kinds of real-time, personalized

transactions that consumers have come to expect. What can banks take away fromthe modern retail experience to improve their own customer satisfaction?


do you trust us as an investment company?” he poses.“We feel, if we can get you as an auto insurance andbanking customer, we can keep you for a long time.”

Where USAA really sees the benefit in retail-likecustomer analytics, Hudson adds, is in product devel-opment. He points to the banking unit’s Deposit@Mobilecapability as an example of tying the end consumer’sdesire for faster processes with a business need toreduce paper flow. “Our best innovations have beenthe ones where the business need was aligned withthe member need,” Hudson reports. “In that case,our enemy was paper, and what members neededwas a way to get their money deposited quickly.Asking people to use their phones to speed up aprocess is just natural.”

SMOOTHING THE BUYING PROCESSTo speed up the insurance application process, Pro-gressive is looking to exploit consumers’ penchant formobile devices by offering mobile imaging. ForresterResearch (Boston) analyst Ellen Carney says streamliningthe application process is an area in which insurersneed to up their games in order to meet customers’demands to get out the door with an insurance policyas quickly as they would with an online retail purchase.Big data, she says, can help these efforts by tappingunconventional data sources to build a risk profilefaster and with less effort on the prospect’s side.

“As soon as customers have to put in things liketheir Social Security numbers, you’re going to getdrop-off,” Carney contends. “If we can get the algo-rithm right, where we don’t have to ask for sensitiveinformation, people are going to be more apt tocomplete the application.”

But are banks in a position to take a similar step?Tracey Weber, head of Internet and mobile bankingfor North America consumer banking at New York-based Citi ($1.9 billion in assets), says it’s not aboutcollecting less information — it’s about designing aprocess that facilitates completion and identifyingthe sticking points where con-sumers get tripped up.

“Traditionally, because wedon’t have a sexy product to sell,people thought design didn’tapply in this context of checkingyour balance or paying a bill,”Weber says. “But we do a lot ofacquisition through our website, and that’s a greatexample of where the design of the experiencemakes a big difference.”

Retailers have done a good job of website designthat is aimed toward getting people to complete e-com-merce transactions, Weber notes, and Citi recentlyredesigned its website with that in mind. For example,online chat — another retail innovation imported intofinancial services — helps release consumers from snagsin the account-opening or card application processes.

“The challenge is, the amount of information youneed to input is not insignificant,” according to Weber.“So we’re always looking for ways to make any ofour digital experiences easy for consumers and aselegant and as streamlined as possible. The retailerswere the first to use chat to make sure people madeit to the end of the shopping cart.”

Before joining Citi, Weber worked at Travelocity,an online travel booking company. She says thatfrom the consumer’s perspective, the barriers to“closing the deal” in the travel industry are comparableto those in financial services. Her goal at Citi, sheexplains, is to incorporate best practices learnedduring her time with Travelocity into the onlinebanking experience.

“People are a combination of rushed and nervous,very much focused on speed and purpose whenbooking an airline ticket. There’s that, ‘I picked thecorrect day, right?’ feeling,” she explains. “In financialservices, people are similarly nervous when they paya bill: ‘Is the amount right?’ ‘Is it going to be deliveredin time?’ Web analytics are very useful in understandingwhere people are struggling in the flow.”

BUILDING PERSONAL RELATIONSHIPSThough speed is a major component of the retailexperience that consumers crave, they also want tofeel valued by the companies with which they dobusiness, and personalized recommendations andservice go a long way toward buidling the right typesof relationships. As a result, financial services providersneed the best view possible of their customers inorder to match them with the right products.

Rod Brooks, CMO for the Seattle-based propertyand casualty insurance company PEMCO (more than$300 million in annual premium), says his company’sfamiliarity with its policyholders is a clear-cut advantagefor the regional insurer. “Within retail, there are a lotof different kinds of experiences that people value:big-box stores, convenience stores, the online expe-

rience, the local store,” he says. “You need to considerthe clientele and the consumer and give considerationto how you can translate your brand. Once you takethat position that says we’ve got a home-court advantage— we know the customers more than the nationalguys — that’s the differentiator between the big-boxstores and the local mom-and-pop store.”

The difficulty for insurers is that once the productis sold, the customer doesn’t typically make repeatvisits to the site, Brooks cautions. On the other hand,

“The customer experience has tobe very intuitive and have speedof purpose.”TRACEY WEBERCiti

banks benefit from ongoing interactions with theircustomers, similar to the advantage retailers enjoyin terms of being able to touch consumers multipletimes and at many different points — through adver-tising, in the parking lot, online, he says.

The challenge, Citi’s Weber adds, lies in under-standing the nature of each customer interaction,and tailoring the experience accordingly. “There area lot of people who are checking in frequently to seewhere their balance is, but you also have a person

who comes only a couple times a month, pays alltheir bills, and downloads lots of information,” shesays. “That’s why the customer experience has to bevery intuitive and have speed of purpose.”

When PEMCO has an opportunity to talk to existingcustomers, it encourages them to come back to itswebsite and leave reviews of the products they’vepurchased, Brooks notes, explaining that this servesthe dual purpose of reinforcing PEMCO’s positionas a trustable institution while also replicating afamiliar experience for today’s online shopper.“Retailers want to have their products and servicesreviewed, especially when they think that’s a com-petitive advantage,” he says. “Any time we have anopportunity to interact with a customer at one of ourprimary touchpoints, we’ll offer them the opportunityto leave a review with us.”

Knowing whether a customer has left a reviewalso becomes a data point for PEMCO that it cantouch on in its later interactions with the policyholder,Brooks adds. Retailers are always keyed in to thelast time a customer interacted with them, he says,and PEMCO is making investments in its customerdata systems to make sure it has that singlesource for all customer information.

“If someone calls, you have to beinformed about what they bought, whatthey’re open to buy, when’s the last timethey called, what kind of service expe-rience did they have, did they write areview, what’s the household makeup,”Brooks insists. “Amazon built their companythat way. But insurance companies are convertingour companies to that. You can’t provide a world-class experience if you have to pull up three differentsystems to figure that out.”

Louisville, Ky.-based health insurer Humana(approximately $37 billion in revenue) has incor-porated a rewards program, HumanaVitality, intoits policyholder wellness initiatives. The program

— which is similar to a credit card or supermarketloyalty program —awards points based on howpolicy holders meet wellness milestones. Humanaissues customers pedometers that allow them togain points daily, and the company entered a part-nership with videogame maker Ubisoft on a fitnessgame that also allows point accumulation. Pointscan be redeemed online for merchandise.

“The future is in non-intuitive partnerships betweenhealthcare companies and consumer-focused com-

panies,” says Shankar Ram, vicepresident of innovation at Humana.“What’s really unique about thispartnership is that we haven’t justsponsored in-game content — it’sthe data exchange point that’s allow-ing us to get the data from gameplayto reward our Vitality members.”

More robust data collection could help bankswith their loyalty programs, according to Nigel Smith,managing director of New York-based Accenture’sbanking distribution and marketing services in NorthAmerica. The recent Accenture Global ConsumerSurvey revealed that while participation in bankloyalty programs is on the rise, those programs aren’tas effective as they need to be, he notes. About athird of bank customers reported that they did notknow that loyalty programs were available, and lessthan half said loyalty programs have persuaded themto stay with their banks.

KEEPING CUSTOMERS SATISFIED“More customers are joining traditional loyalty pro-grams, yet these programs are not enough to keepcustomers satisfied,” Smith recently told Bank

Systems & Technology. “Agile banks monitor cus-tomers’ behavior and purchases so they can easilyspot when a particular customer’s commercial patternschange and respond accordingly, using advancedcustomer analytics. Importantly, the magnitude of

these changes must be viewed through the eyesof the customer, not the bank.”

But as financial services companiescollect growing amounts of consumerdata, it’s important to make sure thatsecurity protocols are in place to handlethe influx of sensitive information, stresses

Wells Fargo’s Wilson. “Fundamentally,financial services is based on a sacred trust

with the customer,” she says. “Ultimately, customers want secure, anytime,

anywhere banking using a variety of access channels,”Wilson continues. “There’s no question that safeguardingcustomer information and information security ingeneral is a top priority.” ■

This article contains additional reporting from

BS&T’s Olivia LaBarre.


“Ultimately, customers want secure,anytime, anywhere banking using a

variety of access channels.”THERESA WILSON

Wells Fargo

TH E R ETAI L E X P E R I E N C E

OU CAN’T BLAME BANKERS for keeping regu-lators top of mind — it’s built into their wiring.But now that personal mobile devices are workingtheir way into regulated industries, banks must

address the challenges they pose in ways that also takeadvantage of the opportunity they offer to serve customerson an entirely new level.

Inside banks, employees are using their favorite mobiledevices — with or without their employers’ approval. Dellresearch on the evolving workforce, co-sponsored by Intel andconducted by TNS Global Market Research, shows that themore that businesses crack down on the use of employee-owned devices, the more likely workers are to use them anyway.

Email, instant messaging and mobile data all can exposea bank to risk. Online attacks continue to grow in sophistication,with viruses, spam, inappropriate content, spyware and phishingbecoming more common. Given the compliance burden onbanks, practical mobile device policies and effective datasecurity measures are critical.

Meanwhile, consumers expect to use their mobile devicesto connect with banks just as they do with any other business,paying their bills and managing accounts as easily as they

tweet . Banksmust connectwith customersacross multipleplatforms and anarray of devices.Again, data secu-rity is paramount,and efficiency is

key to preserving the IT budget and keeping the lights on.Many companies in regulated industries are hunkering down

in response to the daunting task of protecting data in a hetero -geneous device environment, but that’s neither a competitivenor effective approach. A better one is to embrace customer-centricity by setting the goal of becoming a “connected bank.”There are four approaches for breaking through organizationaland infrastructure complexity that will enable banks to createan integrated organization focused on the customer:

1. REDUCE COMPLEXITYCompanies are struggling with disparate ITsystems, silos, redundant platforms and sprawl-ing data centers. That kind of tangle makesit difficult to communicate and share dataacross an organization, let alone with a global customer basetrying to connect on devices of every shape, size and maker. It’salso the biggest reason companies don’t have the budget toinnovate: They have to spend every dime on running the business.

2. UNDERSTAND AND ENGAGE THE CUSTOMERBanking customers are becoming less loyal, but the means toincrease their loyalty is close at hand. Consumers want to buythrough multiple channels with ease and share their experiencesthrough social media. Now is the moment for banks to developintimate relationships with their customers, based on trustand the fulfillment of their needs and expectations.

3. MANAGE RISKEconomic conditions and regulations are shifting quickly. Banksneed to marshal technology to prepare for any outcome so theycan respond quickly and effectively throughout all circumstances.By going beyond the minimum requirements and focusing ona broader security program, banks not only can respond to andmitigate potential data breaches and attacks, but also servecustomers more efficiently and improve the bottom line.

4. MAKE GOOD SENSE OF DATAFor all the discussion of the effect of mobile devices on business,it’s not about the devices — it’s about the data. The device isjust the means to input and view information. While they’readdressing the security and regulatory problems mobile devicescreate, banks need to make certain that the data they’re securingis working hard for their customers and their business models.That’s where the true value lies in a customer-centric business,and technology is the only way to achieve it. ■

Bob Barris is VP of sales for Dell’s Global 500 banking and

securities business and global practice lead for the banking

and securities vertical.

Banks face big hurdles to engaging consumers in the mobile era, saysDell’s Bob Barris. He offers tips for getting closer to customers.


The more businessescrack down on the use

of employee-owneddevices, the more likely

workers are to use them.

C U STO M E R E N GAG E M E NT

Y

4 KEYS TOCONNECTING WITHCUSTOMERS

Out of the gate, the CFPB has had to balance thedual tasks of carrying out its mandate as a regulatorwhile also building a technology infrastructure. Asthe agency’s CIO, Chris Willey is intimately involvedin that ongoing process. No newcomer to the techdemands of a federal agency, Willey served as thedeputy CIO at the U.S. Office of Personnel Manage-ment prior to becoming the first CIO of the CFPB.

Since the CFPB essentially was built from scratchover the past few years, the agency is in a uniqueposition technology-wise compared to other federalagencies. According to Willey, there are both pros andcons to helming such a recently formed outfit. “Nothaving legacy applications is a big relief, but there aredefinitely challenges, because there are a lot of federalregulations and laws that need to be complied with,and those take time and a lot of effort,” he says.

Willey adds that he and the rest of his staff havebeen juggling the day-to-day operation of the agencyand helping to support its various initiatives whilesimultaneously building up the tech infrastructure.The CFPB began its existence as a part of the Depart-ment of the Treasury and was able to leverage thatagency’s infrastructure, such as laptops and networkaccess, Willey explains. But the CFPB has begun to“peel off some services from the Treasury infrastructureand stand them up on our own,” he reports, estimatingthat the process will continue through the rest ofthis fiscal year and likely into the next one.

TECH AT THE HEART OF THE MISSIONWilley says he is “really excited to be a part of anagency that has the innovative use of technologyin its mission.” “From the director on down to every-


I N S I D E TH E C F P B

Charged with helping consumers better understand financial products, the Consumer Financial Protection Bureau began operations in mid-2011.While it has begun outreach initiatives to help it understand the scope of

its task, the agency also has had to build its tech infrastructure. CFPB CIOChris Willey recently spoke with BS&T associate editor Bryan Yurcan

about the benefits and challenges of being a newly created entity and about how technology advances the agency’s mission.

OLLOWING ITS INCEPTION in summer 2011, the federal Consumer Financial Protection

Bureau hit the ground running. Borne out of the Dodd-Frank Act in response to the

financial crisis, the fledgling agency is responsible for promoting transparency in

financial products, especially potentially complicated products such as mortgages

and credit cards that often include extensive “fine print.” F

21st Century Building a

AgencyBY BRYAN YURCAN


body that works here,” he comments, “everybodyrealizes the only way we’re going to be successfulis through the smart use of technology.”

And the agency has wasted no time leveragingmodern technology to help consumers understandthe financial documents they are signing. Forexample, the agency sought to create a simplifiedmortgage disclosure document that could help con-sumers by clearly defining the terms of the deal.“We didn’t want to do the usual thing — create someprinted document and show it to some focus groupsand bring it around to the conferences and that sortof thing,” Willey relates. “We wanted to use thepower of technology to get a broader reach andmake it easier for people to give us their comments.”

According to Willey, the CFPB presented two dif-ferent forms online and asked consumers to indicatewhich one best conveyed the information in a clearand concise manner. Consumers could also makecomments on each section of the documents if theythought any parts of them did not make sense.

Another area in which the CFPB has used tech-nology to improve consumer engagement andstreamline the process is consumer complaints.Willey and his team created an online portal throughwhich consumers can send their complaints to theagency. The consumer then can go online to trackthe progress of the complaint, and the financialinstitution can leverage the portal to respond andkeep the consumer informed about the steps it’staking to rectify the situation.

“We give banks 15 days to resolve the issue, andit usually ends up being resolved in seven to 10 days,”Willey says. “Banks are beingvery responsive, and consumerslike it. Technology allows us todo this in a more automated way.”

Willey notes that the CFPBalso uses social media extensively.He says all of the agency’s eventsare streamed live whenever pos-sible. Further, the CFPB supportsthose events with Twitter and Facebook campaigns.“So people are following along with the live streamand tweeting questions at the same time, and itbecomes a bigger, broader conversation that we’rea part of,” he says. “That’s one way we’ve used socialmedia to enhance what we’re doing.”

LOOKING TO THE CLOUDWilley points out that, from a technology perspective,the CFPB has benefitted from being a new organization.For one thing, the agency does not have to worryabout migrating legacy apps to the cloud; rather, itcan launch applications in the cloud from the start.In fact, Willey reports, the agency doesn’t have a datacenter of its own — everything is hosted in the cloud.

“Everything is hosted in either public or privateclouds,” he explains. “We were able to do that fromDay One and not think about how we were goingto have to do it later. Whether it’s a lease for a datacenter or servers and all the ‘fun’ stuff that goes withbuilding a data center — we didn’t do any of that.We essentially rented the stuff in the public cloud.”

This has allowed the CFPB “a lot of flexibility”as the agency seeks to be agile end to end in itsoperations, Willey continues. On the front end, hesays, he prefers to use a rapid development languagesuch as Python, which, along with Django, is theagency’s development application environment ofchoice, Willey adds. The CFPB also uses Scrum andother agile project management methodologies tomanage projects, “and since we’re in the cloud,we’re able to stand up the infrastructure in a matterof minutes as opposed to months,” he notes.

FROM SHAKESPEARE TO SERVERSDespite Willey’s current embrace of modern tech-nology, he took a circuitous path to the world ofIT. While studying for degrees in English and Com-parative Literature at the University of Massachusetts,he drove a bus for UMass Transit, a fare-free busservice for students and faculty, to help pay for histuition. But even then Willey had an interest in com-puters, and he asked the person in charge of thetransit system’s computer network if he could showWilley how it worked.

“One day, he didn’t show up for work, and I wasthe only guy who knew how it worked,” recallsWilley. “And so, literally, for a year and a half or so

I ran their very small computer network. But thenI found I had an interest and affinity for it, and Isort of parlayed a career out of it. So I kind of fellinto it.” Willey later obtained an M.B.A. from theUniversity of Maryland when he realized he wantedto achieve a management-level position in IT.

Willey says he has a “great relationship” with theother directors at the CFPB, and he gets “a fairamount of face time” with agency head Richard Cor-dray. While some in the banking industry may viewthe CFPB with a cautious eye, he says, the agency’sfunction is merely to enable consumer awareness.“At the end of the day, we’re here to help consumersunderstand the products they’re buying, not to tellthem which products to buy,” he says. ■

“The only way we’re going to besuccessful is through the smartuse of technology.”CHRIS WILLEYConsumer Financial Protection Bureau

U SAA takes an outside-in view of theneeds of our members — the men andwomen of the military and their families

— and we strive continually to anticipate anddevelop innovative solutions to help meet them.Our goal is to build on our legacy of excellentcustomer service to make it simple and easy forour members to manage their everyday finan-cial matters by providing access in any channelthey choose to transact with us.

We invest in infrastructure that provides anintegrated platform for the entire duration of amarketing campaign to ensure consistent, relevantand timely messaging to our members across alloutbound communication channels. This interactivemarketing approach incorporates customer andweb analytics, centralized decision making, cross-channel campaign execution, and integrated mar-keting operations in a manner that can be automatedand delivered across multiple channels, accordingto each member’s preference. This approach helps

ensure members receivethe same exceptional, per-sonalized level of service,consistency and quality,regardless of channel.

Today, USAA memberscan use their smartphones,tablets or the Internet toaccess their accounts,

transact business and purchase many of ourproducts and services. They enjoy best-in-industryservice when they call USAA to talk with one

of our representatives or licensed financial advis-ers, and they can walk into one of our USAAFinancial Centers and enjoy the best of USAAin a face-to-face environment. ■

PTIMIZING THE CUSTOMER EXPERIENCE has become essential for banks, and consumers expect

to be able to interact with their banks quickly and easily — whenever and from wherever. To deliver

on customer expectations, banks must enhance document creation and delivery capabilities to

provide clients with a consistent, personalized experience across the expanding variety of channels.

As document management has evolved into customer communications management, what’s

required for banks to produce and distribute targeted, relevant multichannel customer communications? And

how can banks capitalize on advances in document creation, output and delivery? —Peggy Bresnick Kendler

A Convenient ConversationCUSTOMER COMMUNICATIONS MANAGEMENT

O

MichaelBaublitAssistant VP of Marketing & ChannelOperations,USAA (San Antonio)

3 0 ■ MAY 2012 ■ WWW.BAN KTE C H.C O M ■ BAN K SYSTE M S & TE CH N OLOGY

Staying Connected

One for All

C ommunicating with customers requiresadept management of inbound and out-bound messages across multiple chan-

nels — branch, call center, online, mobile andtraditional mail — all while accommodatingcustomer preferences. In the case of outboundcommunications, automated tools are essentialfor content authoring, workflow management,document creation, review and approval —including legal and compliance steps — andmultichannel delivery. These tools can managethe content, brandingand integration with cus-tomer data, all of whichare necessary to createaccurate, timely, and tar-geted communications toyour customers.

Customers should beable to select differentchannels (e.g., email, text message, online, etc.)for different types of messages, such as accountstatements and balance alerts. The ability tomanage their preferences, including unsubscribingfrom feeds that no longer interest them, is key tomaintaining trust and customer loyalty.

In addition, financial institutions need to improve

MarciaWakemanPartner, NorthAmerican BankingPractice, Capco (New York)

In order for banks to produce and distribute tar-geted, relevant multichannel customer commu-nications, they must have targeted data about

their customers; create targeted marketing mes-sages for the communication pieces; and prepareand test documents using customer communica-tion tools and solutions.

The most difficult part of distributing multichannelcustomer communications is preparing content so

that it can be presentedin channel-appropriateways. From a distributionstandpoint, it is importantfor banks to have back-upsecondary channels todeliver customer commu-nications if the first chan-nel does not work. For

example, if an email delivery fails, banks shouldsend a paper statement along with a failure notifi-cation and instructions on how customers shouldupdate their email addresses.

Consumers and mobile workers have the devicesand comfort level to transact electronically. Whileit’s clear that Generation Y and Millennial users havelittle attachment to paper-based communications,studies show that as Baby Boomers retire from theworkforce and have more time on their hands, theyalso are becoming much more comfortable with weband mobile applications. Coupled with the increasingcosts of postal delivery, it seems clear that banks willbe under increasing pressure to support more on-demand, electronic delivery of regular communications,including statements, in addition to other vital com-munications, such as notices and correspondence.

In order to continue supporting the vital printchannel in addition to the increasing variety ofelectronic channels in a consistent and appropriateway, it is critical that banks address their culturesand organizational structures. Many banks have a

multitude of tools, teams and processes to addresstheir communications objectives. This has been com-pounded by growth through acquisition and a proj-ect-based culture in which point solutions are acquiredto meet the narrow needs of a department or line ofbusiness without considering the impact to the broaderorganization. This leads to redundant efforts and aninconsistent face to the customer. It is important thatbanks develop enterprise approaches and solutionsfor communications in order to improve the impactand consistency of communications across channelswhile reducing the cost and efforts required to supportmultiple disconnected teams and technologies. ■

The ability to manage documents electronicallyrather than through paper changes the serviceexpectations of the various parties involved

— as the medium of doing business changes, so dothe expectations for response time and the quality ofthe response. Hand in hand with electronic docu-ment management comes the desire to do businesselectronically end to end.

Banks must consider not only back-office effi-ciencies, but how they’re serving their customersin the front office, since expectations for fasterresponse times have gone through the roof withmobile and other technologies. Document manage-ment initiatives often begin with the back-officedesire to gain efficiencies, but sales managers atmany banks often become more excited aboutgaining the ability to collaborate and communicateelectronically with their customers and partners,rather than taking on the project simply as an initiativeto become paperless.

There are several trends in document creation,output and delivery that banks should watch. Oneis the ability to create structured collaboration,which enables banks toconnect collaboration andworkflow systems. Thinkof it as collaborative work-flow, enabling banks towork collaboratively bothinternally and across orga-nizational boundaries.Banks need to have theability to keep an audit trail, so if there is confusionor something goes wrong — in the case of fraud ora miscommunication, for instance — a deeper divecan be conducted to find out what happened andquickly resolve the issue.

This ability gives banks the tools to keep up withand stay ahead of regulatory requirements. But banksmust really look at the big picture when consideringgoing paperless and embrace this as an opportunityto serve customers better rather than just focus purelyon maintaining regulatory compliance. ■

SanjeevMalaneyCEO, Capsilon (San Francisco)

AviGreenfieldProduct Manager, HP Exstream (Palo Alto, Calif.)


their management of inbound communications. Moreand more, customers want the ability to send electroniccommunications but find that their banks do not allowthis. Banks need to invest in systems to automate theprocessing of customer-provided electronic documentsand management of unstructured data.

As far as customers are concerned, there are nodifferences among business units within an institution,and they do not understand why the communicationscannot be the same across the board. They don’t knowor care about channels, lines of business, or systemsand database challenges. Customers expect you tobring the same knowledge to each interaction thatthey have; the individual or system providing serviceshould have access to relevant communications —statements, marketing offers, service requests andhistorical interactions — on a time-sensitive basis. ■

A Familiar Face

Meeting Great Paperless Expectations

For more information, call Wright’s Media at 877.652.5295

or visit our website at www.wrightsmedia.com

Logo Licensing | Reprints | Eprints | Plaques

Leverage branded content from Bank Systems & Technology to create a more powerful and sophisticated statement about your product, service, or company in your next marketing cam-paign. Contact Wright’s Media to fi nd out more about how we can customize your acknowledge-ments and recognitions to enhance your marketing strategies.

Content Licensing for Every Marketing Strategy

Marketing solutions fi t for:

• Outdoor

• Direct Mail

• Print Advertising

• Tradeshow/POP Displays

• Social Media

• Radio & Television

B E S T P R A C T I C E S

HEN FACILITY INSUFFICIENCIESbegan creating unacceptable risks inNational Bank of Abu Dhabi’s (NBAD)data center, it forced the United ArabEmirates-based institution to seek anext-generation solution. “By mid-2009 circuit breakers were trippingfrequently, our PDUs [power distri-

bution units] weren’t intelligent, we lacked automated alertsand we were monitoring data center temperatures manually,”explains Ayman Al-Qudsi, data center group leader at NBAD(US$70 billion in assets). “Additionally, we couldn’t limit physicalaccess to the data center because we didn’t have secure,encrypted tools for managing it remotely.”

Late in 2009 the data center team identified five vendorswith appropriate solutions. According to Al-Qudsi, the capabilitiesof Columbus, Ohio-based Emerson Network Power’s Avocent(Huntsville, Ala.) division stood out. “The Avocent KVM[keyboard, video, mouse] switch appliancescould be accessed remotely from anywherein the world and were integrated withMicrosoft [Redmond, Wash.] Active Directory.This was unique,” he notes.

“Plus,” Al-Qudsi continues, “with the Avo-cent DSView tool, we could do everythingwe wanted from one console outside the datacenter.” This included viewing racks, andtheir components, or drilling down to a specific server to see itscomponents, he says. And, in combination with the AvocentMergePoint Server Process Managers, a server could, with oneclick, be accessed and managed at the hardware level. In addition,“The solution was scalable and highly available, allowing us tooperate it independently from any of our three data centers, evenif two of the data centers were down,” Al-Qudsi adds.

When deployment began in early2011, equipment was staged outsidethe data center, relates Al-Qudsi, whoexplains that the migration was like“open heart surgery” and “no down-time was accepted.” A local Emersonpartner installed the wiring, KVMappliances and the intelligent AvocentPower Distribution Units, he reports.Then Emerson engineers conductedassessments and installed the soft-

ware, and two weeks of vendor-sponsored training began.The only significant speed bump arose immediately after

the deployment in October 2011. “For the first three monthswe received many false positives,” Al-Qudsi says. “We discoveredthe importance of customizing the solution to fit our needs.”

RELIEF FROM THE HEATRegardless, the solution quickly produced rewards. For starters,temperature monitoring revealed hot spots during month-endprocessing, Al-Qudsi notes. To compensate, NBAD rearrangedservers, resulting in the ambient data center temperaturedropping more than 3.6 degrees Fahrenheit — a remarkableaccomplishment given the climate, he says.

“We also improved system availability by 20 percent becausethe PDUs measure the power load on each side of the rackand alert us when thresholds are exceeded,” Al-Qudsi reports.“In addition, by balancing the power load, we’ve decreaseddata center energy use by 15 kVA [kilovolt ampere].”

The deployment also helped NBAD achieve its securitygoals. “Now we not only limit physical access to our datacenter but also to our distant disaster recovery site,” affirmsAl-Qudsi. “Before, we traveled there a few times every month.Since the rollout, the DR site hasn’t required a single trip.”

While Al-Qudsi looks forward to improvements in existingAvocent solutions, such as more seamless integration betweenthe vendor’s tools, he’s also keen to adopt Emerson’s datacenter information management (DCIM) solution, Trellis, in

the next few years. “It will move usto the facility level for managementand control,” he says.

Still, NBAD is beyond satisfiedwith the outcome. “We’ve shiftedfrom reactive mode to predictivemode,” Al-Qudsi says. “And in anindustry that’s all about reputation,reducing our downtime and improv-ing performance is a testimony toour customers.” ■

INSTITUTION: National Bank of Abu Dhabi(Abu Dhabi, United Arab Emirates).ASSETS: US$70 billion.BUSINESS CHALLENGE: Modernize data center infrastructure and management.SOLUTION: Multiple data center infrastruc-ture management solutions from Huntsville,Ala.-based Avocent, a division of EmersonNetwork Power (Columbus, Ohio).

SNAPSHOT

Heat of the MomentDATA CENTER MANAGEMENT

WNational Bank of Abu Dhabi cuts energy use and downtime by leveraging multiple

Emerson Network Power solutions to modernize and manage its data center.

“We’ve shifted from reactive modeto predictive mode.”AYMAN AL-QUDSINational Bank of Abu Dhabi


BY ANNE RAWLAND GABRIEL

E X E C U T I V E WAT C H

3 4 ■ MAY 2012 ■ WWW.BAN KTE C H.C O M ■ BAN K SYSTE M S & TE CH N OLOGY

URING HER NINE YEARS as senior vicepresident of Wells Fargo’s Internet servicesgroup, Secil Tabli Watson drove innovationand growth in the bank’s online consumerchannels, helping the San Francisco-based bank build a base of more than 7 million active mobile users and nearly20 million online banking customers.

Now she is charged with spearheading the same type ofsuccess in Wells Fargo’s commercial and corporate onlinechannels as head of its wholesale Internet services group, arole she assumed in January.

According to Watson, in her new position, she will guide thestrategic direction for the bank’s Commercial Electronic Office(CEO) portal, which provides corporate customers online accessto more than 80 applications, including cash management, trustand trade services, credit and loans, foreign exchange, andglobal payments. She’ll also oversee the CEO Mobile service,which allows corporate customers to access essential bankingtasks on the go via any web-enabled mobile device.

“It’s very exciting to get to know a new customer segmentand apply what I’ve learned,” Watson says of her new respon-sibilities. She notes that although she’s dealing with some newproducts and a different customer base, she knows channelmanagement is essentially about customer experience andleveraging both qualitative and quantitative insights.

Continuing to focus on the customer expe-rience by ensuring consistency and continuityacross the wholesale digital channels is top ofmind for Watson. She says that includes notonly integration of applications and serviceson the back end, but continued innovation onthe front end to make sure the user experienceis optimized and consistent on all devices. Look-ing forward, Watson adds, as Wells Fargo whole-sale banking begins to expand into new countries,providing a distinctive customer experiencewill also mean finding ways to better scale products and maintain a consistent experience internationally.

Watson notes that due to the consumerization of enterpriseIT and the rise of bring-your-own-device initiatives, corporationsare now seeing the same type of mass adoption of mobile devicesthat the consumer world has seen. [For more on consumerization

and BYOD, see this month’s cover package, starting on

page 16.] “We want to make sure the experience we provide isoptimized and covers as many of those devices as possible,”

she says, explaining that Wells Fargo’s mobile strategy is aboutubiquity. “Our customers aren’t just using the iPad or iPhone— we have customers using other devices and operating systems,so we want to make sure we stay ubiquitous.”

HUMANIZING THE WEBPart of optimizing the digital experience is providing conveniencefor customers, which can be accomplished in several ways,according to Watson. “We hear a lot from customers that they’dlike to have a more simple experience accessing services, andthey want to do it through a more collaborative factor,” shesays. “We are trying to humanize our web offering and bringthat collective experience.” For example, Watson points out,her team is looking at ways to move more transactions off ofpaper, alert customers in real time of actions that need to betaken and the status of transactions, and allow clients to interactwith a banker through the same online interface.

Watson reports that her team also is looking for ways tomake secure access to wholesale banking more convenientfor customers. “The purpose of our mission is to provide con-venient and secure channel access,” she says. “Improvingsecurity is critical, but sometimes secure innovations can alsocreate a little inconvenience for customers. We’re trying tofind ways to make secure access more convenient.”

Thankfully, Watson notes, some of the work that her previousteam did in the consumer digital channels can be leveraged

in the wholesale space; she says she considers herself to bea broker of the relationships between her former and newteams. “There’s a lot of work at the channel level that overlapsconsumer and corporate space,” Watson says. “What I bringis the ability to use my old contacts and connections to makesure we have integrated fraud, customer experience and designstrategies. We’re trying to bridge gaps and share notes so wecan tackle the same issues.” ■

Bridging the Gap

D

“We want to make sure theexperience we provide ...covers as many of thosedevices as possible.”SECIL TABLI WATSONWells Fargo

As the new head of Wells Fargo’s wholesale Internet services group, Secil Tabli Watsonbrings lessons learned from her former position as head of the bank’s consumer digital channels

to Wells’ commercial and corporate digital channels.

BY OLIVIA LABARRE

Pho

to C

redi

t: B

usin

ess

Wire

Scan the QR code* with your mobile device to view a brief customer video or visit sas.com/bankfraud for the complete success story video.Scan the QR code* with your mobile device to view a brief customer video or visit sas.com/bankfraud for the complete success story video.

Stamp out fraud.

With SAS® Analytics, you can score millions of transactions a day in real time – to detect fraud faster, reduce risk, streamline investigations and prevent losses. Decide with con� dence.

ANALYTICS

SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. ® indicates USA registration. Other brand and product names are trademarks of their respective companies. © 2011 SAS Institute Inc. All rights reserved. S78973US.0911

*Requires reader app to be installed on your mobile device

BRAVE WORLD - Dark Reading's 2017 Strategic Security ...

Documents

Transcript of BRAVE WORLD - Dark Reading's 2017 Strategic Security ...