*** Feb/March Project Update *** Since our last update, 22 companies have committed to participate and launch the Image Quality and Usability Assurance: Phase I project. Also, we completed the SVPCo/FSTC Black and White vs. Gray-Scale in Bank Operations project in February, and SVPCo is now utilizing that report as a key component of its planning. Lastly, our Minimum Required Practices for Global Sourcing project has issued a call for participation, and commitments are being made by both financial institutions and technology partners. FSTC provides an action-oriented, collaborative forum for our members to address shared business opportunities and challenges through technology projects and knowledge-sharing. We view our projects as our core activity, and one of the key benefits of FSTC membership is eligibility to participate in these projects. In our efforts to keep our members and friends up-to-date on the latest developments in these active and developing projects, we provide our colleagues this periodic project update. As always, please contact me or Zach Tumin, FSTC Executive Director, for more information. Or visit our website at http://fstc.org. Active Projects: 1. Business Continuity: Technology Best Practices Expertise Center (launched Nov 2003) 2. Survivability of Check Security Features in an Imaged Environment (launched Oct 2003) 3. Image Quality and Usability Assurance: Phase I (launching March 2004) Projects in Formation: 1. Minimum Required Practices for Global Sourcing (call for participation issued) 2. Phishing and Financial Services 3. eBilling Self Service through Federated Identity 4. Biometrics in Financial Services: Assessment and Action 5. Treasury Services Integration: Data Exchange and Customer Connectivity through Web Services (on hold) 6. A Federated Identity Implementation Framework for Secure Email (on hold) 7. Transformation to Open Mission Critical Systems ______________ ACTIVE PROJECTS: 1. Business Continuity: Technology Best Practices Expertise Center http://fstc.org/projects/dr-bestpractices/ The Technology Best Practices Expertise Center Phase I initiative has brought industry leaders together to jointly develop consolidated, industry-vetted best practices and actionable recommendations for technology recovery in post-outage, remote recovery. Regulatory compliance will be a key requirement considered by the team. The resulting documentation will define best practices, identify key challenges and gaps in available solutions, and identify recommendations for further actions (such as testing) in future efforts. The objective is to enable participating companies to recover in a cost-effective manner, to validate and compare their own recovery strategies with their peers, and to address regulatory compliance in an industry forum. The project launched on November 5, 2003 in New York, and is expected to conclude in April 2004. Project participants include: Bank One, Bank of America, Comerica, JPMorgan Chase, Huntington, RBC Financial, US Bank, Wachovia, and IBM. This initiative originated in our Business Continuity SCOM. (http://fstc.org/advisory/business-continuity.cfm) ______________ 2. Survivability of Check Security Features in an Imaged Environment http://fstc.org/projects/new.cfm#securityfeatures In this project, participating financial institutions and partner technology companies are selecting current and proposed (next-generation) check security features. Working with participating industry partners and financial institutions, the project will test the survivability of these check security features in high-speed and low-speed capture, in both gray scale and black & white imaged environments. The result will be an independent indication as to the viability of current and proposed next-generation check security features in a truncated (imaged) environment. This project launched in October 2003, held its first in-person meeting November 18th in Charlotte, hosted by IBM, and is expected to conclude in the April 2004 timeframe. Project participants include Bank of America, Canadian Payments Association, Comerica, Federal Reserve, First Citizens, JPMorgan Chase, US Treasury, Wachovia, Wells Fargo, and Zions Bank; ASD Corp, Cheque Guard, Clarke American, Deluxe, Fiserv, Harland, IBM, and SQN Banking Systems. This project originates from the Check Truncation SIG (http://fstc.org/advisory/check-truncation.cfm). ______________ 3. Image Quality and Usability Assurance: Phase I http://fstc.org/projects/new.cfm#imagequality A group of FSTC member institutions and technology companies convened January 13th in Atlanta to develop an initial set of objectives and deliverables for a Phase I FSTC image quality initiative. The goal is to bring financial institutions together with key technology partners to better understand the current industry activities in the area of image quality, identify critical challenges yet to be addressed, and leverage the FSTC project environment as a place to undertake key collaborative development, testing, prototyping, and specification required to ultimately ensure minimum image quality assessment capabilities in centralized and distributed capture points, regardless of vendor or institution. The ultimate objective is to prevent unusable check images (and their financial exposure) from entering the payment system. A call for participation was issued February 4, and since then 22 companies have committed to pariticpate. The first in-person project meeting will be held April 2nd in San Francisco, following the FSTC/ABA/Federal Reserve/SVPCo Image Assurance and Security event March 31-April 1 at the Fairmont (http://fstc.org/meetings/next.cfm). The project is expected to run for 90 days, and conclude in June 2004. ______________ PROJECTS IN FORMATION: 1. Minimum Required Practices for Global Sourcing http://fstc.org/projects/new.cfm#offshore This primary objective of this initiative is to develop a comprehensive set of tactical minimum required practices for both financial institutions and vendors, as a baseline for the industry. With increasing regulatory interest, and a desire to collaborate to improve the overall strength of the financial industry, FSTC members have defined a series of activities for 2004 that address key gaps and opportunities shared by FSTC member institutions. Areas of interest include data privacy, business continuity, governance, safeguarding intellectual property, and others. An in-person meeting was held February 26th in Orlando, bringing our core group together with a broader industry audience to share the group's vision, as well as further refine the scope, objectives, and next steps. A call for participation has been issued, and a number of financial institutions and technology partners have committed to participate. Please contact Zach Tumin (zachary.tumin@fstc.org) for more information. ______________ 2. Phishing in Financial Services FSTC member-institutions have expressed an interest in understanding and addressing, at a technical level, the complex problem of phishing via both email and web sites. A core group is developing a strawman statement of financial institution requirements regarding phishing that will address issues of ease of use and acceptance, effectiveness, cost and complexity of implementation, and required industry coordination. When validated with a larger group of financial institutions and technology providers, it is the intention of these members to inventory and evaluate current vendor solutions against the set of known threat models and financial institution requirements, and to work with industry groups to prove/test/validate those solutions. For more information, please contact Zach Tumin (zachary.tumin@fstc.org). An FI-only project definition session is being held March 24th in New York to begin this process. ______________ 3. eBilling Self Service Through Federated Identity This proposed project would seek to bring FSTC members together to define an implementation framework for using federated identity standards such as SAML to link financial institution sites with biller self-service sites. The proposition for billers is reduced identity management costs and increased adoption, while financial institutions benefit from increased online traffic, stronger customer service, and increased use of online services. Customers will benefit from having a consolidated access point for disparate billing sites and fewer usernames and passwords to remember. A core group of financial institutions and technology companies are currently developing this concept, and developing an initial set of use cases. Also, these companies are talking to billers and banks who might participate in a pilot. We expect to be able to share more information about this project soon. ______________ 4. Biometrics in Financial Services: Assessment and Action Using as a basis the internal control objectives and practices of the ANSI Standard X9.84 - 2003, Security and Management of Biometric Data, a core group of interested FSTC members is developing a project concept to assist financial institutions in determining the viability of biometric technologies in several financial institution-specific use cases, including account openings. As currently conceived, this effort will culminate in the assessment of the current state (2004) and desired future state of biometric standardization, technologies, and business process efforts, and produce a statement of financial institution requirements and recommendations on issues of interoperability, security and management, and customer service for critical business processes. The requirements for institutions to utilize data in a standardized and privacy-aware fashion will be a important performance metric. Ultimately, the project may include the development of a reference implementation and the deployment of a pilot system to validate the reference implementation. ______________ 5. Treasury Services Integration: Data Exchange and Customer Connectivity through Web Services (on hold) http://fstc.org/projects/new.cfm#tsi As a potential Phase II following the previous Web Services for Corporate Cash Management effort, a core group of FSTC institutions and technology companies have defined key business objectives and deliverables for a discovery phase, and subsequent pilot-level project utilizing Web Services in the Treasury Services / Cash Management area. The project, as it currently stands, will seek to further develop the Phase I set of web services and associated definitions to create new and open-standards-based connectivity options between banks, and between banks and their customers. The business goals are to enable standards-based "plug-and-play" integration capabilities between institutions and customer platforms, whether ERP, Treasury Work Station (TWS), or desktop. A core group of financial institutions and technology companies has committed to launching this initiative in the second half of 2004. This project is considered on-hold until later this year. ______________ 6. A Federated Identity Implementation Framework for Secure Email (on hold) Coming from discussions in the FSTC Advisory Council Security and Infrastructure Standing Committee (SCOM) (http://fstc.org/advisory/security.cfm), FSTC members are putting plans together to create a federated identity implementation framework, with the primary application being secure email. The primary business objectives are to create interoperability for shared customers and business partners, as well as to reduce the cost of managing identity databases internally within institutions. The project would deliver a set of technical, business, and legal/regulatory definitions to create a framework for the industry to utilize in secure email and ultimately other applications. An in-person session was held January 8th in Boston, hosted by Fidelity. A revised proposal was developed coming out of this meeting, however, given the relative immaturity of secure email technology and solutions that have been selected and implemented within FSTC member institutions, the team agreed that this project should be put on hold while those decisions are made. It is expected that later in the year, a discussion about enhancing secure email through federation will be started up again. ______________ 7. Transformation to Open Mission Critical Systems The transformation of systems from higher cost or proprietary delivery to open systems is one of the most hotly debated and discussed topics in financial services IT. While there is great promise in the flexibility and efficiencies gained, there is also risk and cost. An FSTC project will soon form up to determine answers to such key questions as, "Are those transformations viable?" and "What are the costs and processes by which a successful transformation program will be run?" The vision of this initiative is to bring together financial institutions to investigate the needs, processes, best practices, technology issues, risk factors, organizational issues and lessons-learned for transformation projects which move core business processes from legacy IT assets to open systems. We will provide additional details shortly. If you are interested in joining an interest group around this topic, please contact us. ______________ ## ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://ls.fstc.org/subscriber> --- end forwarded text -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'