Positive Pay Newsletter
April 10, 2007
Welcome to the April issue of the Data Exchange newsletter, a production of AP Technology - your partner for industry-leading, client-side technologies enhancing the connection between banks and businesses.
The APerspective offers commentary on industry trends and interests from AP Technology executives, John Cipriano, Senior Vice President of Financial Services, and Donovan Perkins, Senior Vice President of Business Development. Donovan and John interact daily with those shaping the direction of the nation's leading banks and payments industry forums.
Payments Executive:
The vision for the remainder of 2007 can best be summarized by Treasury Strategies comments of: Globalization, Efficiency, and Organization. Below, we will discuss these terms in a more actionable course.
There is increasingly more concern about fraud, as everyone rushes to relate the latest escapade. We must foresee the next trick and stand enabled with stronger, more effective authentication - an authentication that goes beyond today's deception but sees into tomorrow's fraud.
Still, the issue of authentication risk, supposedly "fixed" with two-factor requirement from the government, will be with us as it becomes obvious that quick fixes do not provide true multi-factor authentication. Some can be simply broken by more sophisticated, expanded man-in-the-middle attacks (see articles "Tokens can be Broken" and "Online Fraudsters Feeding on Folly"). In addition, fraud potential keeps widening as financial institutions globalize functions and applications.
Cash continues to grow so there is demand for the management and daily investment of cash to get the "best" return ("best" being defined as, first, safest; and, second, highest rate available). Because banks are providing more options now for cash investment, efficiency lies in the ability to easily invest and divest on a timely basis. The key is to watch your cash flow and get everything deposited, with special attention to weekends if you have weekend sales. Remote check deposit can help drive efficiency for a more timely return on investment.
With remote check deposit now being essentially a universal offering, it is important to utilize this method effectively, especially late in the week. (Note: Most banks give one-day availability on checks deposited electronically. Talk with your banker and see if you are getting the best availability for deposits made before noon central time. This will probably be more important later in the year and into next year.)
Clearing checks electronically through ACH and with an electronic image will be a battleground this year. Basically, it could be less expensive to use the ACH, but be sure you understand the 'return item' rules as the ACH has some Reg E provisions covering consumer ACH items and you may be liable for returns for 30 or more days. The ACH alternative will be most attractive to those companies with some volume of smaller dollar checks and those with back-office capabilities of capturing and transmitting checks (and those that are price sensitive, i.e., Retailers).
The problem with globalization is that it adds more payment types to be considered and optimized over time; so, many will outsource this to the experts. As payment types continue to expand, however, or at least stay extensive, various payment organizations supporting them will become more involved in deployment to defend their turf. Because each payment type has its own rules and formats, banks are trying to consolidate processing with various translation and ASP software options. Since the major payment types are significantly different, proceed carefully.
Furthermore, with efficiency as an ongoing thread of interest among businesses using payments, we will continue to see new products that provide reporting and controls that do more with less. The key issue is to ensure that basic risk management principles are not compromised, such as "dual controls," positive pay, timely reconciliation, and exception management. More support will be available to all sized businesses this year from banks and outside vendors.
We wish you all the best. You should find the rest of year more productive as changes are released and we get more useful feedback from auditors and examiners.
All the best,
John and Donovan
Securing Online Identities: Next-Generation Considerations for Authentication Technology and Client Protection
A White Paper by Jessica Andrews, AP Technology
The year-end deadline for FFIEC guideline compliance forced many financial institutions to rapidly consider and implement solutions that were designed mainly to satisfy regulators. Although the rush to meet a deadline is over, the battle to outsmart online fraudsters is not. The question remains as to what authentication technologies were wisely selected and will have the most staying-power by outsmarting the next-generation of increasingly tech-saavy fraudsters. Getting too comfortable with any online security solution could be the fatal flaw for a financial institution, in light of the dynamic nature of security concerns and the potential costs of a high-visibility security breach.
IdenTrust and AP Technology Partner to Secure Shared and Card Networks
The IP-based networks carrying card transactions continue to grow in size and importance; yet, to date, they remain vulnerable targets for fraud attack. As communications continue to evolve, users and providers need to have confidence that solutions can be trusted and access is secure. Mutual authentication provides the ideal solution for IP-based network devices by validating both the network to the user and the user to the financial institution to create comprehensive security and a trusted environment in which transactions can occur with confidence. IdenTrust certificate-based smart cards in combination with AP Technology Keystone Authentication provide a powerful solution for mutual authentication on shared or card networks.
AP Technology is a certified IdenTrust Compliant provider. The two companies have joined forces to bring their integrated solution to the financial services industry and create a new level of security and trust for the future of card transactions.
Bank Clients Can Upgrade Today to SecurePay 6.0 at Significant Savings
SecurePay Pro 6.0 is now available to our long-time customers at a special upgrade price. This is a great time for customers on earlier versions to take advantage of this opportunity to benefit from all of the new features and functionality of version 6.0.
With SecurePay 6.0 your clients can ...
- Automatically Transmit Files to your bank's website (supports HTTPS, SFTP, and FTPS file transfer protocols)
- Flag or Remove Duplicate Checks to prevent duplicate check information from being transmitted
- Automatically Receive Transmission Confirmation via email or printer (PDF files)
- Create a Multi-User Environment with installation on up to five workstations
- Keep a Log of All Positive Pay Data - A client database keeps a log of all positive pay data that has been transmitted to your bank.
Until June 1, 2007 existing SecurePay customers will save up to $100 on the upgrade price. And that's not all! SecurePay 6.0 is also being bundled with a specially-priced maintenance agreement.
For more details or to refer one of your banking clients,
contact Adam Hansley at 800-258-5901.
Industry News
Losses Rise If Reputation is Compromised
Posted March 2007 - by Andrea Klein, Bank Technology News
The Ponemon Institute, a research and education organization focusing on information and privacy practices, revealed in its 2006 Privacy Trust Study for Retail Banking that banks are only one or two security breaches away from losing customers-with 34 percent of respondents indicating that they would transfer their funds after a single security breach. VIEW ARTICLE
Study: Users Ignore Bank Security Features - Not like it's their money or anything
Posted February 5, 2007 - by Jeremy Kirk, Computerworld
The study, which will be formally released in May at the IEEE Symposium on Security and Privacy in Oakland, Calif., underscores how new technologies and warnings can't completely protect Internet users from scams such as phishing. VIEW ARTICLE
The Emperor's New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies
By Stuart Schechter (MIT Lincoln Laboratory), Rachna Dhamija (Harvard University & CommerceNet), Andy Ozment (MIT Lincoln Laboratory & University of Cambridge), and Ian Fischer (Harvard University)
Following is link to a working draft of a paper to appear at the IEEE Symposium on Security and Privacy from May 20--27, 2007 in Oakland, California. VIEW ARTICLE
Giving the Bounce to Counterfeit Check Schemes
Posted Feb 8, 2007 - by the Federal Trade Commission
A new scam is swindling consumers: counterfeit checks that seem legitimate to both bank employees and consumers, but that leave unsuspecting consumers footing the bill. The Federal Trade Commission is issuing a new brochure, Giving the Bounce to Counterfeit Check Scams, which explains common angles used in these scams, the responsibilities of banks and consumers when it comes to counterfeit checks, and advice on how to avoid these increasingly common traps. VIEW ARTICLE
