FSTC Project Update

R. A. Hettinga rah at shipwright.com
Mon Sep 20 20:33:23 EDT 2004


--- begin forwarded text


Date: Mon, 20 Sep 2004 15:06:35 -0400
From: Jim Salters <jim.salters at fstc.org>
Subject: FSTC Project Update
To: members at ls.fstc.org
Thread-Index: AcRB0A9Y0sS8MgYzStq91o5SaD2dkAAAEYTwFfSLIoABaGIp8A==
List-Post: <mailto:members at ls.fstc.org>
List-Subscribe: <http://ls.fstc.org/subscribe>,
 <mailto:members-request at ls.fstc.org?body=subscribe>
List-Archive: <http://ls.fstc.org/archives/members/>
List-Help: <http://ls.fstc.org/elists/admin.shtml>,
 <mailto:members-request at ls.fstc.org?body=help>
List-Id: <members.ls.fstc.org>

To: FSTC Members and Friends
From: Jim Salters, Director of Tech Initiatives and Project Development

*** September Project Update ***

After a busy summer season of meetings and project development, a number of
FSTC projects are poised to launch, as well as a strong pipeline in
development.  Our Standing Committees (SCOMs), especially those in Business
Continuity, Security, and Check Imaging and Truncation, continue to broaden
their participation, and build upon a foundation of dialog and action that
leads to FSTC projects.  In the past few weeks, we issued two new calls for
participation: e-Authentication Proof-of-Concept, and Business Continuity
Compliance and Status Reporting.  See http://fstc.org/projects/new.cfm .

In addition, we have recently completed projects in Image Quality and
Usability Assurance Phase I, Technology Recovery Best Practices, and
Survivability of Check Security Features.  Details on these recent projects
can be found at: http://fstc.org/projects/past.cfm .

FSTC provides an action-oriented, collaborative forum for our members to
address shared business opportunities and challenges through technology
projects and knowledge-sharing.  We view our projects as our core activity,
and one of the key benefits of FSTC membership is eligibility to participate
in these projects.  In our efforts to keep our members and friends
up-to-date on the latest developments in these active and developing
initiatives, we provide our colleagues this periodic project update  As
always, please contact me or Zach Tumin, FSTC Executive Director, for more
information.  Or visit our website at http://fstc.org.

Active Projects:

1.  Counter-Phishing Phase I

Projects in Formation:

1.  e-Authentication: Business and Technology Proof-of-Concept (call for
participation issued 9/8)
2.  Business Continuity: Compliance and Status Reporting (call for
participation issued 9/8)

Projects in Development:

1.  Image Quality and Usability Assurance Phase II
2.  Survivability of Check Security Features Phase II
3.  Treasury Services Integration: Data Exchange and Customer Connectivity
through Web Services
4.  Transformation to Open Mission Critical Systems
5.  Minimum Essential Finance (MEF)
______________

ACTIVE PROJECTS:

1.  Counter-Phishing Phase I (launched July 2004, expected to complete in
December)

http://fstc.org/projects/counter-phishing-phase-1/

FSTC has launched a phased initiative to address the problem of phishing and
related threats in financial services, as it affects the relationship
between customer and firm.  In collaboration with other industry groups,
FSTC will focus on defining the unique technical and operating requirements
of financial institutions (FIs) for counter-phishing measures; investigating
counter-phishing technical solutions, proving and piloting solution sets
enabled by technology to determine their fit against FI criteria and
requirements; and clarifying the infrastructure fit, requirements, and
impact of these technologies when deployed in concert with customer
education, enforcement, and other industry initiatives.  The benefits to
participants are: industry-vetted due diligence and scaling of the current
problem and its future evolution; insight into peer institution strategies
and assessments; and definition of an industry response that may be best
undertaken with collaboration between key industry segments.

12 financial institutions and over 15 technology companies are participating
in the 5-month first phase.  This project originates from the Security SCOM:
co-chaired by Mike McCormick of Wells Fargo, and Mike Versace of NEC.
Please contact FSTC Managing Executive Gene Neyer for more information
(gene.neyer at fstc.org).  (http://fstc.org/advisory/security.cfm)
______________

PROJECTS IN FORMATION:

1.  e-Authentication: Business and Technology Proof-of-Concept (call for
participation issued 9/8/04)

http://fstc.org/projects/new.cfm#eauth

This 5-month project will assess the viability of the potential business
opportunity that exists for financial institutions to leverage their online
customer relationships and provide an authentication service to government
agencies, and to integrate these services into financial institutions'
online applications. FSTC, jointly with the GSA's E-Authentication
Initiative Project Management Office (EAI PMO), propose to launch a
three-track project to ascertain the business model, legal framework, and
technical viability of using institutions' identity credentials to permit
consumers and businesses to access secure online government applications.

The GSA is funding the business track of the initiative. There is no cost to
financial institutions, and a $5,000 fee for associate and advisory members.
In addition, a resource commitment is required for all participants, as
outlined in the prospectus. Participation commitments are requested by Sept
24th, and the target kickoff is the week of October 4th.

______________

2.  Business Continuity: Compliance and Status Reporting (call for
participation issued 9/8/04)

http://fstc.org/projects/new.cfm#compliance

The FSTC Business Continuity Standing Committee proposes an initiative to
assist the financial industry in coming to a common understanding on the
meaning of continuity regulation, prioritization of compliance related
activities, and creating efficiencies in documenting regulatory compliance
status. To establish a clear understanding of the regulatory environment, a
list of continuity related guidance will be pulled together along with the
name of the agency responsible. Each regulation will be reviewed and a
clearly worded summary of the continuity requirements will be developed.
Where possible the regulatory agencies will be contacted for clarification
on specific points. Common themes and requirements will be documented and
prioritized.

>From the continuity regulation summary, a questionnaire will be developed
which will allow a FI to provide or collect continuity compliance status.
The project will focus on providing straight forward interpretations of what
is needed for an FI to comply with current regulations.

This project is sponsored by the Business Continuity SCOM, co-chaired by Tom
Hirsch of US Bank, and Damian Walch of IBM.  Please contact FSTC Managing
Executive Charles Wallen for more information (charles.wallen at fstc.org).
______________

PROJECTS IN DEVELOPMENT:

1.   Image Quality and Usability Assurance: Phase II (proposal being
finalized)

http://fstc.org/projects/new.cfm#iqa2

In Phase I, more than 20 companies, representing 2/3 of US check volume,
most major vendors, and key industry associations, undertook a 90-day effort
to assess the impact of poor quality check images, and defined 16 technical
metrics and 4 usability levels that can be used to measure image quality and
usability in a standard and interoperable way.  The findings of the Phase I
project team justified further development, to test these metrics in a
real-world scenario, on millions of images, to determine the quantitative
thresholds for the 16 metrics that will define a minimum baseline "standard"
for acceptable quality images for the industry.

The business objectives are to maximize efficiencies, cost savings, and
ensure strong adoption of image exchange. The project will undertake a
robust, "real-world" analysis and test to provide actionable specifications
and direction to the industry to allow financial institutions, technology
vendors, standards organizations, and other key partners to collectively
implement baseline image quality and usability through industry
collaboration under the FSTC umbrella.

This project originates from the Check Truncation SIG
(http://fstc.org/advisory/check-truncation.cfm), co-chaired by Katrina
Brown, Wells Fargo; Glen Ulrich, US Bank; and Ian Goodall, NCR.  A call for
participation is expected during the month of September.
______________

2.  Survivability of Check Security Features Phase II

As a follow-on to the recently completed Phase I
(http://fstc.org/projects/csf/), this initiative will seek to develop
interoperability specifications for automated security feature verification
engines.  As a growing number of vendors offer security features targeted at
surviving the imaging process, institutions face a growing number of
proprietary verification engines that must be installed and configured to
validate these features during processing.  The objective of this initiative
is to make is less expensive and easier to manage the implementation of
these security feature verification products.

This project originates from the Check Truncation SIG
(http://fstc.org/advisory/check-truncation.cfm).  More information on this
project will be published in the next month or so.
______________

3.  Treasury Services Integration: Data Exchange and Customer Connectivity
through Web Services (on hold)

http://fstc.org/projects/new.cfm#tsi

As a potential Phase II following the previous Web Services for Corporate
Cash Management effort, a core group of FSTC institutions and technology
companies have defined key business objectives and deliverables for a
discovery phase, and subsequent pilot-level project utilizing Web Services
in the Treasury Services / Cash Management area.  The project, as it
currently stands, will seek to further develop the Phase I set of web
services and associated definitions to create new and open-standards-based
connectivity options between banks, and between banks and their customers.
The business goals are to enable standards-based "plug-and-play" integration
capabilities between institutions and customer platforms, whether ERP,
Treasury Work Station (TWS), or desktop.

A core group of financial institutions and technology companies has
committed to launching this initiative in the second half of 2004.  This
project is considered on-hold until later this year.
______________

4.  Transformation to Open Mission Critical Systems

The transformation of systems from higher cost or proprietary delivery to
open systems is one of the most hotly debated and discussed topics in
financial services IT.  While there is great promise in the flexibility and
efficiencies gained, there is also risk and cost. An FSTC project will soon
form up to determine answers to such key questions as, "Are those
transformations viable?" and "What are the costs and processes by which a
successful transformation program will be run?" The vision of this
initiative is to bring together financial institutions to investigate the
needs, processes, best practices, technology issues, risk factors,
organizational issues and lessons-learned for transformation projects which
move core business processes from legacy IT assets to open systems.  We will
provide additional details shortly.  If you are interested in joining an
interest group around this topic, please contact us.
______________

5.  Minimum Essential Finance (MEF)

In its early stages, FSTC and its members are in dialog with numerous
government and industry organizations to explore interest in an initiative
to identify the minimum essential elements of our financial system, and to
develop a plan and process to ensure that it remains operational in the
event of a disruption to normal operations.  A workshop is currently being
planned for this fall for multiple public and private sector organizations
to develop this concept further.  If you are interested in joining this
dialog, please contact Zach Tumin at zachary.tumin at fstc.org .
______________

##








----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://ls.fstc.org/subscriber>

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list