
e-track

vol. VI no. 1 quarterly journal January - March 2008

From the Editor


Editor: Pratima Trivedi
Editorial Team: Pramod Dikshit, M K Bose, Swapnil Srivastava, Sanjay Srivastava
Printed By: Swastik Printing Press, 27, Mai Gi Ki Bagiya, Kapoorthala Crossing, Mahanagar, Lucknow. Mobile: 9415419300

Dear Readers,
The Payment and Settlement System is an essential part of the financial system of a vibrant economy. Consolidation, Development and Integration of the financial infrastructure and reforms in the payment and settlement systems of the country that address the twin issues of safety and efficiency have been engaging the attention of the Central Bankers and Financial Institutions the world over. The article on Development in Payment and Settlement System in India will surely help in disseminating the information on its latest development.

As with most technological advances, there is also a dark side: criminal hackers. Governments, companies, and private citizens around the world are anxious to be a part of this revolution, but they are afraid that some hacker will break into their Web server and read their e-mail, steal their credit card number from an online shopping site, or implant software that will secretly transmit their organization's secrets to the open Internet. With these concerns and others, the ethical hacker can help. An ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. Exploring these thoughts, the article on Ethical hacking will provide insight into this issue.

Channels through which companies can communicate with their customers are growing by the day, and as a result, getting their time and attention has turned into a major challenge. One of the reasons e-CRM is so popular nowadays is that digital channels can create unique and positive experiences, not just transactions, for customers. Emphasizing this fact, the article on e-CRM will make an interesting reading.

The current sub-prime mortgage meltdown in US refers to the rash of sub-prime housing loan defaults that began in late 2006 and has continued into 2007. The sharp rise in foreclosures has caused several major sub-prime mortgage lenders to shut down or file for bankruptcy, leading to the collapse of stock prices for many in the sub-prime mortgage industry. The article on sub-prime lending will add to the knowledge on the topic.

Hope this serving of e-track enriches your knowledge about some of these burning issues. Happy Reading.

punjab national bank institute of information technology


Vibhuti Khand, Gomti Nagar, Lucknow - 226 010 (U.P.) T : + 91 522 2721442, 2721174 F : + 91 522 2721201, 2721441 E-mail : bankingtech@pnbiit.co.in URL : www.pnbiit.com

Readers' Comments
I went through the article contents in the journal with great interest and it was really good to see a well-designed and very well presented journal on technology, covering a wide range of subjects. My heartiest congratulations for coming out with an excellent and useful publication.
R. N. Vadivelu, General Manager - IT, Central bank

We appreciate the coverage and articles being published in your magazine.
A. P. Hota, Chief General Manager, Reserve Bank of India

Thought For The Quarter


Lack of will power has caused more failure than lack of intelligence or ability. "anonymous"

Pratima Trivedi e-mail : pratima_facultyit@yahoo.co.in


Contents

from executive director's desk - J. M. Garg
from director's desk - Ajay Misra
Developments in Payment and Settlement Systems in India - RBI-DPSS, Central Office, Mumbai
Ethical Hacking - Rick Blum
Root of subprime lending crisis - Dr. S. N. Ghosal
E-CRM - Dr. S Sudalaimuthu
FAQ's in CBS

from executive director's desk

The creation of customer value provides the potential for profit generation. In order to optimize profit it is essential to create more customer value. In the competitive environment profitable business growth of any service sector organization depends on excellent service.

In order to provide excellent customer service Punjab National Bank has adopted technology as an important facilitator. Starting from stand alone ALPM bank has so far implemented Core Banking Solution in 3501 service outlet across 1508 centers which account for more than 90% of our total business besides achieving 100% computerization of branch network. The branch specific customer is now converted into the customer of the whole bank. Bank has also initiated technology based financial inclusion project to achieve inclusive growth. Further few technology driven products like PNB Insta Remit / NEFT, Internet Banking, Utility Bill Payment, Railway / Airlines Ticket Booking, Online Bill Payment, Online Tax Payment, Online Tax Payment to DGFT / Ministry of Company affairs etc. launched to provide expedient & better service to the customers. Bank has also been associated with the pilot project of Cheque Truncation being implemented by Reserve Bank of India. In order to manage better customer relationship through effective MIS ambitious data warehouse project has been initiated.

In an endeavor to spread the IT culture PNB has also set up Punjab National Bank Institute of Information Technology (PNBIIT), an autonomous body dedicated to the Nation with an object to impart contemporary training in usage of IT in developing operations and business of Banking and Insurance.

I am glad to share that PNBIIT comes out with its quarterly newsletter e-track which is quite effective and informative. I wish all success to 'e-track' in its future endeavor to spread e-culture.

With best wishes,
( J M Garg )
Executive Director, Punjab National Bank
Member, Governing Body, PNBIIT, Lucknow.

from director's desk

Financial sector reforms, which were introduced in the early 1990s as a part of the structural adjustment and economic reforms programme, had a profound impact on the Indian economy. With a view to making the reform measures mutually reinforcing, the reform process was carried forward by adopting the international best practices through a consultative and gradual process. While the main objective was the enhancement of efficiency in the financial system, a concomitant goal was to impart stability in a new market oriented environment.

Recognizing and managing shifting paradigms, albeit with the help of the enormous leaps of technology, is the need of the hour. Meeting and measuring up to the emerging challenges is the prime function of today's managers. To do this, they require keen perception, flexibility and the ability to merge management theories into action plans. Slicing through management jargons, this is one area that has to be practiced on a moment to moment basis. The secret is to have a global perspective, while at the same time be keenly perceptive about local conditions. Needless to mention, today's management practitioners must be comfortable with the latest technology and be sensitive to the importance of ethical and human values.

The vision of the PNBIIT as envisioned by its Chairman, Dr K C Chakrabarty, is to develop an institute of reckoning to serve as an infrastructure model with high-tech environment and state-of-the-art systems, demonstrating use of IT in the management of administrative and training activities and development of IT maturity in banking. This vision of his has been achieved to a large extent through concerted efforts of the faculty, staff, participants and the students during the short span of its existence. The Institute, however, continues to strive not only to maintain the standard but also to improve upon it. Our endeavor is to make human capital of the nation, in particular the banking sector, reach a new height of excellence.

Ajay Misra e-mail : bankingtech@pnbiit.co.in


Developments in Payment and Settlement Systems in India


Introduction

1. The Reserve Bank of India (RBI) has undertaken a number of initiatives during the recent years to make the payment systems in India safe, secure, sound and efficient. Till the mid 90s, the non-cash payment systems in India primarily consisted of the clearing houses for cheque clearing. It is only in mid-90s that electronic payment systems like Electronic Clearing Service (ECS) and Electronic Funds Transfer System were introduced. The years since 2000 saw Reserve Bank focusing on the risk mitigation aspect of payment systems. During this period Reserve Bank introduced Foreign Exchange Clearing and Settlement System and Securities Settlement System through a central counterparty. The Real Time Gross Settlement System was introduced in 2004 which has now emerged as a flagship payment system in the country. The National Electronic Funds Transfer System (NEFT) introduced in 2005 also became a key component of electronic payments infrastructure in the country.

2. In 2005, the RBI constituted a Board for Regulation and Supervision of Payment and Settlement Systems (BPSS) as a Committee of the Central Board. This was a recognition of the importance of safe and efficient payment systems in ensuring financial stability. The Board has completed two years of operation and has provided direction on several areas of payment system development. The Board is assisted by a Technical Advisory body called National Payments Council. A new department called the Department of Payment and Settlement Systems has also been created in the central office of RBI to act as a secretariat to and implement the directions of the Board.

3. In 2005, the RBI released the Vision Document (2005-08) on payment and settlement systems in the country. The document, which was approved by the BPSS, has set the goal to be pursued for implementation by the Reserve Bank for the development of Payment Systems in the country during the year 2005-08. A few broad action points pertained to expanding the usage of risk mitigation
systems like RTGS for large value funds transfer transactions, sound legal framework for multilateral netting and settlement finality and regulation and supervision of payment system service providers and setting up of a new institutional infrastructure for retail payment systems.

Large Value Payment and Settlement System

Real Time Gross Settlement System

4. As a step towards risk mitigation measures in the large value payment systems, the Real Time Gross Settlement System (RTGS) was operationalised in March 2004. With the introduction of RTGS the paper-based interbank clearing mechanism has been discontinued. Almost all the inter-bank transactions in the country are now settled through the RTGS. The outreach of RTGS transactions has also grown geographically. Out of the about 75,000 bank branches in country, more than 38000+ bank branches now accept requests for remittance through RTGS system for customer transactions as well as inter-bank transactions. A minimum amount of Rs. one lakh has been prescribed for customer transactions to ensure that RTGS system is only for large value transactions and retail transactions take an alternate channel of electronic funds transfer. The daily average transactions is 25,000+ by volume and Rs.2,00,000 crore (USD 50550 million) by value. Net clearing positions of the large value netting systems and retail clearing systems are also settled as Multilateral Net Settlement Batch (MNSB) File. Presently nearly 50 Batch files for net netted value of about Rs.80,000 crore are settled on week days. RBI provides Intra-Day-Liquidity (IDL) facility to the member banks to the extent of 3 times the net-worth subject to posting of collateral Government securities with 5 % haircut. IDL is a completely automated process.

Central Counter Party (CCP) arrangements in delivery vs. payment systems

5. The Clearing Corporation of India Limited (CCIL) was set up by banks as a clearing and settlement institution for facilitating settlement of transactions in Government
Securities and Foreign exchange. CCIL acts as the Central Counter Party (CCP) in these segments and provides guaranteed settlement facility to the participants in these segments.

Government Securities segment: The settlement of all secondary market outright sales and Repo transactions in government securities are carried out through CCIL. All OTC trades in this segment, which are reported on RBI's NDS platform, and trades which are contracted on the online anonymous trading platform NDSOM, are accepted by CCIL for settlement, after the necessary validations. These trades are settled on a DVP III basis, i.e. the funds leg as well as the securities leg is settled on a net basis. The daily average transactions settled through this system is around 1521 trades of Rs.29555 crores.

Forex Clearing: CCIL provides guaranteed settlement facility for all US Dollar-Indian Rupee inter-bank Cash, Tom, Spot and Forward transactions by becoming the central counterparty to every trade accepted for settlement, through the process of novation. The Forward deals are guaranteed for settlement from S-2 day and the Spot, Tom, Cash deals are guaranteed for settlement from the trade date by CCIL. The rupee legs of the transactions are settled through the member's current accounts with RBI and the USD leg through CCIL's account with the Settlement Bank at New York. The daily average transactions settled through this system is about 2483 trades of USD 11.58 billion and Rs.45477 crores.

Retail Payment and Settlement Systems

Cheque clearing

6. The paper-based cheque clearing system continues to be the predominant mode of non-cash payment. The volume of cheques for the country as a whole has been growing at 7 to 8 percent each year. Total volume of cheques for the year 2006-07 was 1.3 billion.

7. There are 1095 clearing houses in the country which operate for the purpose of exchange and settlement
of cheques payable locally. Average yearly volume of cheques during the last three years has been 1200 million cheques with a growth rate of around 7 percent. Though the Reserve Bank has been empowered to frame Regulations under the Reserve Bank of India Act 1934, the framework of clearing houses being set up by banks themselves with one of the leading banks managing the day to day business and offering settlement service has been working well. The Reserve Bank has issued model Uniform Regulations and Rules (URRBCH) which are adopted by the respective clearing houses. The Reserve Bank provides settlement service at 16 locations where it has its offices.

8. As the volume of cheques grew substantially during the early 1980s, the Reserve Bank had set up the MICR Cheque Processing Centres (CPCs) at the four metro centres (Mumbai, Delhi, Chennai and Kolkata) during 1986 to 1989. After the stabilization of these systems, the setting up of MICR CPCs at centres with large volume was entrusted to the public sector banks. Automated MICR CPCs have been set up at 60 major industrial and commercial locations which account for more than 82% by volume and 88% by value of transactions of the paper-based clearing system.

9. The Reserve Bank has initiated concerted efforts for the Computerisation of Clearing Houses by introduction of Magnetic Media Based Clearing System (MMBCS) at centers where it is not economically viable to introduce MICR cheque processing technology because of the small volumes. More than 600 clearing houses in the country are now on MMBCS platform.

Cheque Truncation

10. In order to improve efficiency and substantially reduce processing time in the cheque processing system the Reserve Bank has initiated steps to introduce Cheque Truncation. A soft launch of the Cheque Truncation project has been done at the National Capital Region of Delhi on December 31, 2007. Under the CTS scenario, the paper instruments would not travel beyond presenting banks. It has been left to the banks to take a business decision on point of truncating the cheque within their domain: branch
level or service branch or gateway level. Once CTS gets fully implemented, it would be possible to achieve clearing cycle of T+1 (and even T+0) as straight through processing and automated payment processing are enabled by CTS. It would also result in reduction of costs for the customers and the banks. It is also possible for banks to offer innovative products and services based on CTS.

Electronic Clearing Service

11. In the mid 90s, the Reserve Bank took the initiative and set up the automated clearing house (ACH) system in the country. In India, it is called the Electronic Clearing Service (ECS). As in the other countries with ACH, two variants were developed, one named ECS (Credit Clearing) and the other called ECS (Debit Clearing). While ECS (Credit Clearing) is used for making payment of salary, pension, dividend and interest, ECS (Debit) is used for collecting payments by utility service providers like electricity, telephone bills as well by banks for receiving principal / interest repayments for housing and personal loans from borrowers. At present, about 18 million transactions flow through the ECS system every month. This facility is currently available at 68 centers. Settlement takes place on T+1 basis and the cycle gets completed on T+2.

National Electronic Funds Transfer System

12. The National Electronic Funds Transfer (NEFT) System was introduced in November 2005 as a retail electronic payment system to facilitate funds transfer between the networked bank branches in the country. It is a deferred net settlement system with six settlement cycles a day. This facility is currently available at 37000+ bank branches throughout the country. The daily average transactions are about 59543 by volume and Rs.369.15 crores by value. It is envisaged that all the RTGS enabled bank branches (38,000+ in number) would also be NEFT enabled and the customer would have a choice either for the RTGS or the NEFT based on time criticality, value of the transaction and willingness of the customer to pay a differentially higher price for faster movement of funds
through the RTGS.

Payment by Card (Credit and Debit Card)

13. Payment by card is now becoming a much preferred mode for making retail payments in the country. The card base in the country at present is around 123.42 million (96.78 million debit cards plus 26.63 million credit cards). Debit cards are used mainly for cash withdrawal. This is evident from the fact that 26.63 million credit cards account for 20.72 million transactions, while 96.78 million debit cards account for only 8.15 million transactions. Recognizing the importance of this mode of payment, a Working Group on Regulatory Mechanism for Cards was constituted by the Bank in November 2004 which examined inter alia various regulatory aspects on card payments after taking into account international best practices on card payment system and the mechanism for customer grievances redressal. Based on the recommendations of the Group, the Reserve Bank issued guidelines on credit card operations in 2005. The RBI has also reserved the right to impose penalty on a bank / NBFC under the provisions of the Banking Regulation Act, 1949 for violation of any of these guidelines.

Use of Automated Teller Machines

14. Usage of Automated Teller Machines (ATM) has gone up substantially during last two years. The number of ATMs was 33015 as on January 31 2008. There are a few ATM sharing networks in the country which facilitate the use of ATM card holders of one bank for cash withdrawal from the ATM of another bank. Many ATMs provide facilities for cash deposit, funds transfer, mobile phone top-ups etc.

Payment through internet

15. The rapid growth of e-commerce and the use of the internet have led to the development of new payment mechanisms capable of exploiting the internet's unique potential for speed and convenience. Similarly, the broader usage of mobile phones has encouraged banks and nonbanks to develop new payment services for their customers. Internet and mobile payments are defined by the channel
through which the payment instruction is entered into the payment system. Though the Reserve Bank does not directly operate these systems, it facilitates the implementation of such e-payment initiatives by the banks. The Reserve Bank has issued guidelines for banks offering services through internet. The on-line booking of rail / air ticket and payments on-line are a few examples where this mode of transaction is gaining momentum.

Payment through Mobile phones

16. The wireless mode of payments, i.e. through mobile phone, is the new development in the payments arena of the country. With 160 million mobile phone subscribers, the number of mobile users in the country is higher than the number of payment cards issued. Further, in terms of coverage, the mobile footprint covers a large area of the country in comparison to the cards. Currently there is no mobile based payment service with large coverage in the country. A few projects initiated by banks have been under operation but are yet to attain wide scale acceptance.

Legal Framework

17. The Reserve Bank under Section 58(2) (p) of the Reserve Bank of India Act, 1934 is empowered to frame regulations for clearing houses for the banks (including post office savings banks). The Reserve Bank under Section 58 (2) (pp) can also frame regulation of funds transfer through electronic means between banks and between banks and financial institutions. The Reserve Bank has framed model Uniform Regulations and Rules for Bankers Clearing Houses as well as regulations for various electronic payment systems. These regulations have been adopted by the members of the clearing houses and constitute contractual agreements between the participants as well as between participants and the clearing house managers / system operators. Also, the procedure of netting (arriving at the multilateral net settlement) is not legally recognized but has been adopted as a working procedure by the members of the clearing house. To ensure smooth operations of the payment and settlement systems
and to authorize the Reserve Bank of India to regulate and supervise payment systems in India, and also to give a legal recognition to the netting procedure and settlement finality, a need for a separate legislation was felt. Accordingly, the Payment and Settlement Systems Bill was drafted. The draft Payment and Settlement Systems Bill has already been introduced in the Parliament and the Standing Committee on Finance of the Parliament has also examined the same. However, passage of the Bill is still awaited.

Oversight

18. Pending the notification of the Payment and Settlement System Bill by the Government of India, the Reserve Bank is exercising its power under the RBI Act, 1934 to ensure smooth, safe and efficient operations of payment and settlement systems. RBI framed the Uniform Regulations and Rules for Clearing Houses (URRBCH) and the procedural Guidelines for ECS, EFT, RTGS and NEFT. They are available in the public domain. To further improve operational efficiency in MICR clearing, "MICR Minimum Standards for Operational Efficiency" have been issued and placed in the public domain. These rules and regulations are applicable to all concerned in the system. Under these provisions each system when approved by the RBI sets out certain minimum requirements / standards to be adhered to and a reporting mechanism to the central bank on a periodic basis.

19. In order to ensure that the systems in operations are compliant with international standards, a self assessment was performed by analyzing the various systems in operations in India and their compliance to the Core Principles of BIS. In a nutshell, the following matrix depicts the payment systems in operation in India and their compliance to the Core Principles. The systemically important payment systems in India are broadly compliant to the Core Principles except for legal basis on multilateral netting and settlement finality (which would be fully compliant on the notification of Payment and Settlement System bill passed).

Sl. No. / Principle / Status of Compliance (Not complied, Partially complied, Broadly complied, Fully complied)

1. Legal basis
2. Understanding financial risks
3. Management of financial risks
4. Prompt and final settlement
5. Completion of settlement even when single largest participant fails in MNS
6. Settlement asset
7. Security and operational reliability
8. Efficiency
9. Access Criteria
10. Governance

20. The Bank in a way has started formalising its oversight functions - for MICR Cheque Processing Centres, based on the set of Minimum Standards for Operations, the banks managing the clearing house are to submit a quarterly Self Assessment report on compliance to the Reserve Bank.

21. The Reserve Bank has brought out the first Report on Payment Systems Oversight. The report has been placed on RBI website shortly.

Conclusions

The litmus test of all the payment system initiatives is whether the initiatives are leading to improved levels of safety, security, soundness and efficiency: i.e. triple S + E. In a nutshell, it can be said that though a lot has been done, a lot still needs to be done. Some of the priority projects at present are a separate law on payment and settlement system, cheque truncation system to bring down the clearing cycle, leapfrogging to electronic transactions in some cash-based transactions and wider use of RTGS system for funds transfers in financial markets participants.

Payment Systems in India - Key statistics


Cheque Clearing
  No. of Clearing Houses: 1095
  No. of Clearing Houses with MICR cheque processing capability: 59
  Daily average (volume), 59 MICR centres: 44.04 Lakh
    Of which 4 metro centres: 21.60 Lakh
    Rest of India: 22.44 Lakh
  Daily average (value), 59 MICR centres: 46554.82 Cr
    Of which 4 metro centres: 29011.09 Cr
    Rest of India: 17543.73 Cr
  Centres with High-Value Clearing: 27

Electronic Clearing
  No. of centres covered with ECS: 68
    RBI centres: 15
    Other Banks: 53
  Coverage of NEFT
    No. of Banks: 84
    No. of Branches: 37000+
    Centres covered: 6500+

Large Value System
  RTGS
    Member Banks: 92 + 8 PDs
    No. of Banks offering Customer Transaction: 89
    Centres covered: 8000+
    Bank branches: 38000+
  Daily average Volume / Value
    Inter-Bank Volume: 6119.65
    Inter-Bank Value: 45721.70 Cr
    Customer Volume: 18278.50
    Customer Value: 67155.56 Cr
  PDO-NDS members: 150
    Daily average Volume: 578
    Daily average Value: 11000 Cr
  CBLO clearing members: 149
    Daily average Volume: 475
    Daily average Value: 35711 Cr
  FX clearing members: 73
    Daily average Volume: 2483
    Daily average Value (INR): 45477 Cr
    Daily average Value (USD): 11.58 billion

Cards Transaction
  No. of cards issued
    Credit: 26.63 million
    Debit: 96.78 million
    Smart: negligible
  No. of ATM: 33015
  No. of POS terminals: 393335
  No. of merchants accepting cards: 460079

Source: Reserve Bank of India, Department of Payment and Settlement System (DPSS), Central Office, Mumbai

Ethical Hacking
Rick Blum

A critical tool in the battle to identify IT infrastructure vulnerabilities is the ethical hack, which simulates an attack in order to truly understand the effectiveness of current security controls. Trying to secure a network without conducting an ethical hack is little more than guess work. Without proper validation, real assurance of the security is impossible.

Regular ethical hacks can create value beyond just identifying vulnerabilities. They can also help comply with regulatory mandates, protect against lawsuits, and justify security investments. This latter benefit is particularly important as gaining the support of corporate management can be a major obstacle, particularly when using third-party, ethical hacking vendors that provide an objectivity and expertise that internal resources simply can't guarantee. Ethical hacks are truly a necessity in today's computing environment, and any IT organization that forgoes this activity for long risks putting the entire enterprise in jeopardy.

Highlights

* The top three benefits of ethical hacks, in order of importance, are to improve overall security, protect against theft of intellectual property and fulfill regulatory/legislative mandates.
* Only five percent of respondents think there is no chance of being hacked in the coming year. Nearly half place the odds of being hacked at greater than 50 percent.
* Most organizations conduct ethical hacks on at least an annual basis. Wireline networks and operating systems are most frequently tested, while application and wireless networks are tested less often. Organizations with security budgets of more than $1 million conduct ethical hacks far more often than those with budgets of less than $100,000.
* When respondents' IT organizations don't conduct ethical hacks, the most frequent reason given is that management does not value it.
* More than half of respondents have found some vulnerabilities with moderate impact when conducting an ethical hack of the networks, operating systems or applications.
* When using a third-party vendor strategy to conduct multiple ethical hacks, 24 percent of respondents will choose the best vendor and stick with them, while 25 percent will rotate vendors on a regular basis.

The Bottom Line

Cyberspace is becoming an ever-more dangerous place, especially to IT organizations that are charged with protecting sensitive data and maintaining web sites that generate revenue. Along with these dangers, studies show that internal threats are just as dangerous, particularly to applications that are readily accessible over intranets. Since locking down all networks is not a viable option, the only response that security managers can realistically execute is to harden their networks, applications and operating systems to a reasonable level of safety, and go on conducting business.

Introduction

Identifying risks and vulnerabilities is crucial to preventing exposure of sensitive data, as well as for protecting the corporate reputation. IT organizations must proactively manage risk by conducting ethical hacks on a regular basis in order to identify potential vulnerabilities in their networks, operating systems and applications.

From January 13 through February 14 2007, BT INS conducted a Web-based survey on Ethical Hacking, which was completed by 150 IT professionals around the globe. This survey was designed to yield valuable insights into the usage of ethical hacking to improve network, systems and application security. Results of this survey are also compared, when appropriate, to the results published in January 2005 of an ethical hacking survey BT INS
conducted in late 2004. For this survey, ethical hacking, also called penetration testing, was defined as a method for verifying the true state of security controls for the protection of assets and information by simulating an attack on a network in a controlled and safe manner. Ethical hacks are typically conducted by a third party in a manner similar to naturally occurring attacks to provide an unbiased assessment of the security of a system and the viability of implemented controls. The survey was posted on BT INS' Web site at http://www.ins.com/knowledge/surveys/industrySurvey.a sp. Invitations to participate in the survey were sent to subscribers of BT INS' NetKnowledge newsletter and former BT INS industry survey participants. All Web survey responses were automatically collected into a survey tool. Any questions skipped or incorrectly answered by survey respondents were not included in the tabulations. Not-applicable responses were also not included in the tabulations. Each chart includes the number of valid responses for that particular question (e.g., N=100 indicates 100 responses). Percentages shown in charts may not equal 100 percent due to rounding. Hacking Concerns Ethical hacks are typically thought of as being defensive measures, that is, the object is to identify weak points in the network, operating systems or applications that an attacker might exploit, then close those weakness to prevent compromise of data or other destructive actions. Over the last few years, it has become increasingly clear not only to IT security professional, but also to the public in general that many, if not most, networks are still vulnerable to attack. This reality is reflected in the finding that 95 percent of survey respondents believe that there is some likelihood that their network will be successfully hacked in the coming year. 
This result is up slightly from the 2005 survey, when only 92 percent of respondents acknowledged the likelihood of being successfully hacked. The good news, however, is that the percentage of respondents who place the likelihood of being successfully attacked at 50 percent or less has increased over the last couple of years from 81 percent to 87 percent. Although this is a small gain, it is, at least, a step in the right direction. Similarly, the percentage of respondents who think the likelihood of being hacked is 10 percent or less also

[Chart: Likelihood of Being Successfully Hacked in Next 12 Months. Y-axis: Percent of Respondents. Bars: 2005, 2007. Legend: Definitely will be hacked; 76-99% Chance; 51-75% Chance; 26-50% Chance; 11-25% Chance; 1-10% Chance; No chance of being hacked.]

To better protect their networks (wireline and wireless), operating systems, and applications from attack, the vast majority (79-86 percent) of respondents' IT organizations conduct ethical hacks, though with varying degrees of regularity. Wireline and operating systems are most frequently subject to ethical hacks; approximately one-third of respondents do so on a quarterly schedule. Wireless networks and applications don't receive as much attention, with only about one quarter being ethically hacked on a quarterly basis. As might be expected, respondents who conduct ethical hacks quarterly on both their wireless and wireline networks are significantly more likely (68 percent) to believe that the chance of their networks being successfully hacked in the next year is less than 10 percent than those who conduct ethical hacks less than once a year or never (45 percent). Still, seven percent of respondents who conduct ethical hacks quarterly believe that their networks will definitely be hacked successfully in the coming year. Fourteen percent of respondents' wireline networks and operating systems are never ethically hacked, as are 21 percent of wireless networks and applications. For these organizations, the motto seems to be "What we don't know won't hurt us."

[Chart: Frequency of Ethical Hacks. Y-axis: Percent of Respondents. Bars: Wireline networks, Operating Systems, Applications, Wireless networks. Legend: Never; Less than once a year; Annually; Semi-annually; Quarterly.]

[Chart: Frequency of Ethical Hacks by Annual Security Budget Size. Y-axis: Percent of Respondents. Bars: < $100K and > $1M for Wireline networks; < $100K and > $1M for Applications. Legend: Never; Less than once a year; Annually; Semi-annually; Quarterly.]

While companies that never conduct ethical hacks are taking a risk, the reason behind this approach may be related primarily to budgetary considerations. Companies that annually spend less than $100,000 on security are far less likely to regularly conduct ethical hacks. For example, only 14 percent of these companies conduct quarterly ethical hacks on wireline networks and applications, while 46-50 percent of companies that spend more than $1 million on security do so. On the other end of the scale, 31-35 percent of companies with small security budgets never conduct ethical hacks, while only four percent of companies with large security budgets take this course. The results for operating systems and wireless networks are similar. Small companies understandably are less likely to spend a portion of their security budget on activities that don't have immediate impact, but they must understand the risk of doing so. While a large company that gets attacked may be able to survive a lawsuit (or web-site downtime) with minimal impact, the effect on a small company could be fatal. These companies must carefully and consciously judge the level of risk and the sensitivity of stored data against the palliative effects of ethical hacks.

So what are some of the other reasons for not conducting ethical hacks? Respondents who never conduct ethical hacks in any one of the four categories say the most common reason (selected by 50 percent of respondents) is simply that management does not understand the value of ethical hacks and, presumably, will not allocate the time and money required to conduct them. What is most surprising about this result is that, despite the extremely negative publicity a number of companies that have lost sensitive data have encountered over the last couple of years, management's perception of the value of ethical hacking seems to have decreased since 2005. Security professionals need to reexamine how they are presenting ethical hacking to management, perhaps with greater focus on business consequences. The next most common reason for not conducting ethical hacks, selected by 39 percent of respondents, is that the IT organization doesn't have the manpower and/or skills to fix potential vulnerabilities that are uncovered during the hack. This excuse is a bit like an ostrich sticking its head in the sand; choosing not to know is a dangerous course to take. Similarly, 35 percent of respondents say their IT organizations don't have the funds to fix potential vulnerabilities. Again, a head-in-the-sand approach won't cut the mustard when the CEO wants to know how customer data was stolen, or why the web site was down for hours (or days) due to an attack. Better to know the problem and the cost of a fix than to plead ignorance. Only one-fifth of respondents are concerned about the safety of the hack, and less than one in ten is worried that the results of an ethical hack could be embarrassing.

[Chart: Reasons for Not Conducting Ethical Hacks. X-axis: Percent of respondents. Bars: 2005, 2007. Categories: Management does not value this service; Don't have manpower / skills to fix potential vulnerabilities; Don't have the funds to fix potential vulnerabilities; Concerns about safety of the hack; Could be embarrassing. N = 65]

Note: includes only respondents who never conduct ethical hacks on their wireline networks, wireless networks, operating systems or applications.

We then turned to respondents who have conducted at least one ethical hack and asked them to tell us, for each of the four categories, what level of vulnerabilities were found: serious, moderate, or insignificant. Operating systems are most likely to be insecure, with 19 percent of those tested having serious vulnerabilities, and another 55 percent having some vulnerabilities with moderate impact. Barely more than one-quarter had no significant vulnerabilities. Applications fare slightly better than operating systems, although not by a significant amount. Networks, both wireline and wireless, have the lowest levels of significant vulnerabilities, especially wireline networks, for which only five percent of ethical hacks turned up significant vulnerabilities. Overall, the picture is not bright, although not completely bleak either. Ethical hacks uncovered some vulnerabilities of moderate to high impact in at least six out of ten networks, applications and operating systems. The industry is going to have to do much better than that to win back the public's trust.

[Chart: Significance of Vulnerabilities Uncovered by Ethical Hacks. X-axis: Percent of respondents. Bars: Wireline networks, Wireless networks, Applications, Operating systems. Legend: No significant vulnerabilities found; Some vulnerabilities with moderate impact found; Serious vulnerabilities found. N = 121]

Ethical Hacking Strategies and Benefits

Most IT organizations use third-party providers of ethical hacking services to test for vulnerabilities in their networks for a number of reasons including:

* Ethical hacking specialists have more expertise and tools than in-house resources
* Tests can be conducted with zero-knowledge to truly mimic a random intruder
* Testing can be done without the knowledge of other IT employees

For the more than 80 percent of respondents whose IT organizations have used third-party, ethical-hacking vendors, their approaches varied widely. Half of these respondents do not have a strategy, formal or informal, for working with ethical hacking vendors. This is nearly the same result as in the 2005 survey, indicating the maturity of this critical element of security is still in its early development stages. We can only assume that these organizations operate on an ad hoc basis, making a decision whether to use the same or a new vendor with each ethical hack. While not necessarily a terrible approach, it doesn't show the level of concern that the other respondents display for the ethical hacking process by actively selecting a multivendor or single-source strategy. One quarter of respondents rotate vendors on a regular basis to gain an extra layer of insurance that all vulnerabilities will be identified over time. Twenty-four percent prefer to choose the best vendor for ethical hacking services, and then stick with that vendor. If the vendor is fully aware of the latest vulnerabilities, uses proven methodologies, and has a staff that is well experienced, this can also be a successful strategy, and it allows building of a relationship that may lead to long-term improvements in the underlying security architecture.

[Chart: Frequency of Ethical Hacks. Y-axis: Percent of Respondents. Bars: 2005, 2007. Legend: No particular strategy; Rotate vendors on a regular basis; Choose the best vendor and stick with them. N = 127]

The reason for conducting an ethical hack is, obviously, to identify and remediate any vulnerabilities in networks, operating systems and applications. In doing so, however, a number of benefits can be achieved. We presented respondents with a list of eight potential benefits they could possibly receive from conducting an ethical hack, and asked them to rank the top three in order of importance. Not surprisingly, improving the overall security posture is the number one benefit by a wide margin, being listed in the top three by 80 percent of respondents, and the most important benefit by more than one-third. Also ranked in the top three benefits by more than half of respondents is protecting against theft of intellectual property (IP). Thirty-four percent of respondents listed this as their top benefit. Taken together, more than two-thirds of respondents consider the top benefit of ethical hacks to be protection against theft of IP or improving security overall. Compared to the results in the 2005 survey, both of these benefits increased in popularity. In fact, theft of IP was listed as the top benefit by only 23 percent of respondents in 2005, compared to 34 percent this year.

The third most frequently reported benefit is fulfilling regulatory and legislative mandates. Twelve percent of respondents consider this their top benefit, 17 percent consider it the second most important, and another 16 percent make it the third most important. With the spotlight on the Sarbanes-Oxley Act, Gramm-Leach-Bliley Act, and numerous regulations and mandates, it is surprising that the total number of respondents who ranked this as a top-three benefit is exactly the same as the 2005 survey. Perhaps if the survey had been aimed at business executives, this benefit would have scored much higher.

Only one other benefit was selected by more than forty percent of respondents in their top three: baselining of the current environment. While this is useful data, clearly we can see why it is not ranked in the top three more often. Validating previous security investment was ranked among the top three benefits by 27 percent of respondents, while providing justification for additional funding was selected in the top three by 22 percent of respondents. Protecting against possible lawsuits and trending analyses were further down the list.

[Chart: Ranking of Ethical Hacking Benefits. X-axis: Percent of respondents. Categories: Improve overall security posture; Protect against theft of intellectual property; Fulfill regulatory/legislative mandates; Baseline current environment; Validate previous security investments; Provide justification for additional funding; Protect against possible lawsuits; Ability to do trending analysis. Legend: Top-ranked benefit; Second-ranked benefit; Third-ranked benefit. N = 85]

Security Budgets

Two-thirds of respondents' IT organizations have annual security budgets of less than $500 thousand, the greater portion of those falling below the $100 thousand threshold. Another large chunk (25 percent) fall in the $500 thousand to $5 million range.

[Pie Chart: Respondents' IT Organizations' Security Budget]

Approximately one-quarter of respondents do not specifically allocate a portion of the security budget for ethical hacking, down from 32 percent in 2005. Forty-two percent of respondents allocate from 1-5 percent and 18 percent allocate from 6-10 percent of their security budgets for ethical hacking.

[Pie Chart: Percentage of Security Budget Used for Ethical Hacking. Slices: None; 1-5%; 6-10%; 11-20%; 21-30%. N = 111]
The Author is Director, Strategic Marketing BT INS (British Telecommunication International Network System)

WHAT HAPPENS IN HEAVEN


I dreamt that I went to Heaven and an angel was showing me around. We walked side-by-side inside a large workroom filled with angels. My angel guide stopped in front of the first section and said, "This is the Receiving Section. Here, all petitions to God said in prayer are received." I looked around in this area, and it was terribly busy with so many angels sorting out petitions written on voluminous paper sheets and scraps from people all over the world. Then we moved on down a long corridor until we reached the second section. The angel then said to me, "This is the Packaging and Delivery Section. Here, the graces and blessings the people asked for are processed and delivered to the living persons who asked for them." I noticed again how busy it was there. There were many angels working hard at that station, since so many blessings had been requested and were being packaged for delivery to Earth. Finally, at the farthest end of the long corridor, we stopped at the door of a very small station. To my great surprise, only one angel was seated there, idly doing nothing. "This is the Acknowledgment Section," my angel friend quietly admitted to me. He seemed embarrassed. "How is it that there is no work going on here?" I asked. "So sad," the angel sighed. "After people receive the blessings that they asked for, very few send back acknowledgments." "How does one acknowledge God's blessings?" I asked. "Simple," the angel answered. "Just say, 'Thank you, Lord.'" "What blessings should they acknowledge?" I asked. "If you have food in the refrigerator, clothes on your back, a roof overhead and a place to sleep, you are richer than 75% of this world. If you have money in the bank, in your wallet, and spare change in a dish, you are among the top 8% of the world's wealthy." "And if you get this on your own computer, you are part of the 1% in the world who has that opportunity." "If you woke up this morning with more health than illness, you are more blessed than the many who will not even survive this day."

ROOT OF SUBPRIME LENDING CRISIS IS GROWING SOPHISTICATION IN TECHNOLOGY, INSTRUMENTS AND OVERPLAY OF EXPERTISE BY FINANCIAL INSTITUTIONS...
Dr. S. N. Ghosal

It has now become obvious that sub prime lending has almost created havoc in financial markets all over the world. It is surprising that, despite growing expertise and technology in risk management, this has happened, or rather originated, in a highly advanced country like the USA, where the financial market is highly developed and regulated. It would therefore be interesting to fathom out how and why it has happened.

Origin

It is interesting to note that it has happened primarily to provide housing loans to the middle and lower middle class, who are in dire need of a house but are unable to build it due to dearth of their own capital. It is therefore obvious that its root is a social cause, and hence its misuse escaped surveillance for a long time despite the existence of highly sophisticated technology, regulatory authorities and the government of the country. It is true these institutions were kept outside the surveillance of regulatory authorities, but since such lending was affecting banks and financial markets, it was obligatory for both the government and the regulatory authorities of the country to take cognizance of the growing crisis, and they should accordingly have taken preventive action in time.

Social cause

In fact sub prime lending was started by a new class of lenders created in the USA to help the economically weak to own a house of their own. These are known as mortgage bankers, and these have been allowed to operate free of regulators, unlike traditional bankers. These institutions have been allowed to grant mortgage loans even to economically weak persons who ordinarily would not qualify for such loans from traditional banks. In consequence most of these borrowers could not regularly pay installments due to their poor income flow.
To add salt to this, these specialized mortgage bankers started passing on their risks to other investors, who evinced keen interest in acquiring mortgage backed securities as these carried higher yield (interest) compared to less risky investments, and who also expected to avail the benefit of rising prices of properties.

Technique

These mortgage backed instruments were created by bundling a large number of such mortgage loans into a series of bonds carrying borrowers' interest and principal payment to bond holders. In fact these are so grouped, by mixing the quality of mortgage and paying ability of borrowers, that some payments to the investors would be made regularly by the borrowers and thus investors would have a handsome flow of income (due to higher rate of interest) for quite some time. In other words these series of bonds have different degrees of risk based on borrowers' creditworthiness. To make these more attractive, some lenders lent at adjustable interest rates to suit borrowers' convenience. These variable rates are linked with some benchmark rates like US Treasury Bill rates. These rates were very low initially (1.25% in 2003), so borrowers of all hues faced no problem in meeting their liabilities. However, when these rates started rising, borrowers, particularly those with low income, started facing the problem in large number and heavily defaulted on their payment obligation.

Economic factors

The boon in mortgage based lending for home building happened not only due to the laxity of government and regulatory authorities but also due to falling interest rates on loans and rising prices, particularly of house properties. In fact from 1980 to 2004 the average interest rates of a good number of countries fell from 15% to 4.4%, and that naturally attracted a large number of people to borrow and build or acquire houses of their own. Obviously this added fuel to the growth of sub prime loans in many countries.

Maneuvering

The above analysis brings out social and economic needs for mortgage loans for building houses, but it also highlights some neglect and maneuverings by banks and regulating agencies, including the government of the country. In fact the US has been the leader country, as it was there that the first attempt was made by the government to bail out distressed borrowers from sales and foreclosures through securitization. The Federal Government of the USA first created the Federal Housing Administration to insure such mortgaged loans and to provide guarantee to bonds created by bundling such loans, so that banks and other investment institutions are attracted to purchase such bonds. In this manner the lending risk is passed on to holders of these bonds from the financing agencies who actually gave such loans. This proved to be attractive and effective for quite some time, particularly as long as the interest rate paid to depositors was lower than the interest rate charged to borrowers. However the situation took a reverse turn when interest rates started rising, particularly the short term rates as compared to long term rates of interest. It is true that this type of interest rate risk could have been avoided by developing adjustable interest rate mortgages, but for social cause the US government barred the same so that home owners need not have to bear a higher burden, which perhaps they were also unable to bear.

Technology

Besides these, in fact, growth of technology and expertise in finance further aggravated the problem. If a holistic view is taken, the financing institutions that bought and sold these mortgage backed bonds took the help of highly sophisticated software and hardware to analyze risk and price movement, as is usually done in the highly developed option markets. These obviously helped them to find out faster and with greater accuracy the movement of risk and price of these bonds, and accordingly they went on splicing and re-splicing bonds to become more and more attractive to varied types of investors.

History

In fact from 1990 onwards commercial banks also joined the game in a big way, particularly in developed countries of the world, as most of the governments created institutions or directly provided guarantee as they usually provide for mint bonds. Obviously in the beginning banks were choosy and securitized low risk borrowers, but soon they realized that there would be no difficulty in selling high risk bonds also, as these bonds carry a higher rate of interest and the value of the properties attached to these bonds was also rising rapidly in the market. These two factors helped investors to cover even risks and still have adequate surplus to make such investments profitable. In fact for quite some time capital markets of these countries had great appetite for these bonds despite known risk factors, due to the continuous rise in home prices. This was natural in the given situation, but certainly not if a futuristic view had been taken, as that was feasible due to the expertise and technology available with bankers in developed countries. This trend continued during 1990-2005 and no alarm signal was raised from anywhere, even though a rise in interest rates to control inflation was on the anvil in almost all such countries of the world.

Role of rating agencies

It has further been observed that this game was played with the connivance of rating institutions, as it has been found that these agencies rated these bonds high even when defaults were already arising and/or becoming imminent. These institutions built up arguments and models that proved their higher rating of these bonds.

The game was one of presenting sub prime bonds as prime bonds and then, when such bonds appeared to be becoming sub prime again, regrouping and slicing them to become prime bonds by assigning one or more reasons and applying sophisticated mathematical models to prove the authenticity of such certification. In fact an in-depth study would reveal that most of the investors who bought and sold these bonds backed by sub-prime properties/loans were taken for a ride by these well known rating agencies, who enjoyed high confidence in the market for a long time.

DIAGRAM I
[Flow chart of sub prime lending crisis. Labels: Prime Loans; Slicing for CDO; CDO - 1; CDO - 2; CDO - 3; boxes marked PR and SP.]

DIAGRAM II
[Flow chart showing causal factors leading prime to subprime and subprime to prime loans. Labels: Prime Loans; PL; Default; S.P L; High Rating; Rise in Asset Price; Prime.]

Damage done

The impact of this game obviously was highly damaging not only for highly reputed world class banks and mortgage financial institutions but also for some world class insurance companies like American International Group, popularly known as AIG, as they all are facing very high unexpected losses. In fact AIG has recently been compelled to write off collateralized debt obligation (CDO) to the extent of $ 4.9 billion. It is all the more surprising that this figure is five times more than the figure AIG announced earlier in confidence. In fact their auditors recently pointed out a serious error in their present method of valuing their securities. It would be distressing to note that AIG is still carrying $ 62 billion of CDO with sub prime content. This is no doubt alarming and speaks volumes about the dubious game played all-round during this period by highly reputed and sophisticated institutions. No one has assessed the impact of this meltdown on common men. It is however an open secret that mainstream banks' credibility has been hit by this meltdown, and people look askance to find a place of safety and positive returns with dependable values, which they had with the banking system. This obviously highlights that the financial system is still not perfect and there is urgent need to do something to restore credibility and confidence in these institutions and their highly sophisticated and considered highly rewarding instruments, particularly derivatives and securitization. The story is fast spreading, as could be seen from the recent declaration of UBS, one of the most respected and leading European banks, that they have suffered a loss of $ 11.3 billion mainly due to their investment in the US sub prime market. However it is equally interesting to note that Credit Suisse, though a smaller bank as compared to UBS, could do better despite following the same strategy as that of UBS and writing off SF 1,3 billion on account of sub prime investment, as it had shown a full year net profit of SF 8.5 billion. This has happened despite the fact that they also, like UBS and others in the US and Europe, have integrated private banking, investment banking and asset management. This evidently proves that there is nothing wrong in the strategy, but the greed of private bankers, and banks' eagerness to satisfy that greed in order to retain them, ultimately led to this meltdown, as no market would continuously accept sub prime bonds however handsomely and convincingly these are dressed up by banks taking advantage of sophisticated technology and the expertise of renowned and prestigious investment bankers.

Role of investment wizard

It is however quizzical to find that Warren Buffett, a highly reputed investment banker who warned in 2002 that 'derivatives are financial weapons of mass destruction, carrying dangers that, while now latent, are potentially lethal', has now perhaps changed his opinion and has evinced keen interest in acquiring quite a hefty amount of such investments from some of the banks who are very badly affected by such investments. These banks, though, have not agreed to his offer, as they feel that if they agree to such offers they would be left with a very bad portfolio with no opportunity to reshuffle and retrieve the loss, partly of course.

It is therefore clear that the strategy by itself was not wrong, but it happened due to greed and the availability of high technology and expertise, which proved handy to greedy bankers and investors to create a make believe in the market that mortgage backed investments are not only safe but highly rewarding. Since common man in the market had confidence in these institutions and they were incapable to decipher highly
19

mathematical models that tried to proof to them about the safety and reward accruing from such investments, they readily fell pray of these allurements. Summing up of basic reasons It would be interesting therefore to know the basic reasons that sustained and allowed very rapid growth of such mortgage backed investments both by lenders and borrowers. These basic reasons could be summed up as follows:a. comparatively higher rate of interest available from these bonds and loans; b. banks and financial institutions were having sufficient amount of surplus liquidity; c. development of innovative instruments which helped easy transfer of risks without incurring loss;

the borrowers have defaulted in payment of their interest and installments of loans that have been to create these bonds. Artificial market It is therefore obvious that an attempt was made to create an artificial or make believe market for such bonds initially by the government for social cause and thereafter by banks and financial institutions for their economic gains. These efforts continued up to 2005-2006 but soon the fallacy surfaced in the markets in almost all countries who adopted such strategy particularly USA. In fact Martin Field stein, president of National Bureau of Economic research rightly stated that the housing sector strategy so far followed has created following three distinct but related problems:a. a very sharp decline in house prices;

d. The prevailing trend of rise in prices of properties almost sky rocketing. Further help came from the development of innovative instruments called CDOs that enabled them to have easy access to market and fetch satisfactory prices without any hassle. The sequence of development of such instruments is as follows;a. Adjusted Rate Mortgage that created low interest in the initial period to help borrowers to meet the obligation in time and thus create credibility in the market;

b. sub-prime mortgage problem has caused a substantial widening of credit spread and credit market; and c. Decline in home equity loans and mortgage refinancing.

Diversion of risk from original lender In fact securitization to this extent virtually diverted the risk away from the original lenders and for that reason lending standard has become lax and buying a home became irresistible. It is true securitization and credit derivatives are created to disperse the risk but in no way it were supposed to minimize the risk. To add fuel to the fire even rating agencies took the advantage of rising property prices while rating the bonds and paid no heed to the possibility of fall in property prices in future. These bonds were long period bonds and therefore volatility of prices on long term basis should have been taken into consideration. But this was not to happen as that way their business and revenue growth would not have been as high as to provide them regular hike in salaries and perks. Theory Behind Cdo Theoretically CDOs were developed to dilute default risks through diversification by mixing different types of loans together but in practice it has ended up achieving exactly

b. Providing refinance facilities to banks and investment institutions against the loans created by them and this way enhancing their liquidity to further funding of such loans; c. Developed collaterized debt obligation instruments (CDO) by pooling such loans in series of baskets to balance these loans of high risks with low risks to enhance their market acceptability and value; and

d. Credit rating agencies were also convinced that due to high rise in property prices these mortgaged backed bonds could be rated high despite some of
20

January - March 2008

the opposite of its intended outcome. In fact NORMA (insurance agency) is largely responsible for creating speculative market by diversifying the value of sub-prime mortgages on which it was based. It also acted as a part of a chain of mortgage linked investments that took stakes among themselves. In fact these bonds were made so attractive that investment bankers vied with each other to acquire these despite rising defaults in payments by borrowers. The result is today CDO market is more or less non existent and investment bankers have no other alternative but to show these investments in level3 which means they have to induct capital to provide for these losses. Impact on Indian Banking It has however not affected Indian banking much. This has happened largely due to timely warning by the Reserve Bank of India by enhancing provision to be made against such loans and not reducing bank rate to increase liquidity with banks despite repeated pressure from the government of India for the same. However Indian banking had to bear its impact indirectly as many foreign banks had to withdraw their investments made in Indian capital markets to meet their obligation at home arising from sub prime lending by

them. This way the Indian capital market fell, and banking shares also had to bear this impact substantially. Recently, however, some direct impact has also been observed due to unusual growth of retail banking in some leading banks in India, but in no way is this impact comparable to what has happened in the banks of developed countries.
Lessons
In fact, CDOs were invented to assist banks to transfer risks and earn fees in the process, but when banks started issuing multiple bonds backed by the same securities and buying them from each other, things naturally went out of hand and a meltdown became inevitable. In this way an innovative instrument became destructive instead of helping banks, in a constructive way, to distribute their risks according to their capacity to bear such risk. It is therefore true that credit derivatives can become lethal when used wrongly, defeating the very objective for which the instrument was invented. The lesson derived from this is that the misuse of any tool, howsoever sophisticated and innovative it might be, will definitely lead to crisis ultimately.
The Author is Adjunct Faculty of ICFAI Business School at Kolkata

"Think About It"


Man often becomes what he believes himself to be. If I keep on saying to myself that I cannot do a certain thing, it is possible that I may end by really becoming incapable of doing it. On the contrary, if I have the belief that I can do it, I shall surely acquire the capacity to do it even if I may not have it at the beginning.
- Mahatma Gandhi

To a brave man, good and bad luck are like his left and right hand. He uses both.
- St Catherine of Siena

When one door of happiness closes, another opens, but often we look so long at the closed door that we do not see the one that has been opened up for us.
- Helen Keller

Opportunity is missed by most people because it is dressed in overalls and looks like work.
- Thomas A Edison

Pessimist: A person who says that O is the last letter of ZERO, instead of the first letter in the word OPPORTUNITY.
- Anonymous

E-CRM New Technology Innovation in the Banking Industry


Dr. S. Sudalaimuthu

Abstract
Customer Relationship Management (CRM) is the process of identifying, attracting, differentiating and retaining customers. Banks are concentrating more on acquiring new customers. They seldom understand the importance and profitability of creating loyalty and retaining customers. For the last decade most banks have been so absorbed in their own internal issues, particularly merger drives, cost-cutting and re-engineering, that customers and their relationships often received short shrift. Banks have to come out with innovative measures to satisfy the needs of both present and potential customers and, at the same time, adopt procedures to win back lost customers. The banking sector in India is growing fast, and its contribution to economic development is really impressive due to advancement in Information Technology. Effective implementation and monitoring of E-CRM approaches by the banks will result in providing superior services to their customers, gaining long-term loyalty, and finally pocketing more revenues by the banks.

E-CRM tools also enable customers to assist themselves through a company's website from anywhere, at any time. Customers can gather information about products, update billing information (even pay bills), review account balances, and check orders on their own and then immediately receive more personalized help from a call center agent, if needed, with a single click of a button. This capability allows businesses to improve customer service while reducing costs and improving productivity (Reynolds, 2002). An inevitable consequence of most CRM strategies is the need to collect more data and then derive additional information from that data. If a company changes to a customer-centric strategy, it must plan for more data and greater integration of that data from both its front office (e.g. call centers and other customer-facing applications) and back office (accounting, order processing, logistics and fulfillment, for example). Once that is accomplished, the system must be able to distribute this parsed data to more people (employees and customers). Most companies are developing the capabilities necessary to drive their e-CRM ecosystem: building and implementing technology and customer data, dialog and value systems.

Introduction
CRM (Customer Relationship Management) can be defined as the strategies, processes, people and technologies used by companies to successfully attract and retain customers for maximum corporate growth and profit. CRM initiatives are designed with the goal of meeting customer expectations and needs in order to achieve maximum customer lifetime value and return to the enterprise. The use of customer relationship management products, CRM software and CRM solutions will enhance the effective implementation of CRM in an organization. E-CRM is not just customer service, self-service web applications, sales force automation tools or the analysis of consumer buying behavior on the Internet. E-CRM is all of these initiatives working together to enable an organization to respond more effectively to its customers' needs and to market to them on a one-to-one basis. To deliver effective web services for customers, the scope for e-CRM must be right; companies have to develop a plan to support the:
* Full customer lifecycle from customer identification, acquisition, retention and extension.
* Whole buying process including pre-purchase, purchase and post-purchase.
* Integration of online and offline communications, since the purchase behavior of many customers is now mixed-mode or multichannel, with part of the buying process online and part offline.
* Sharing of customer data across different sales and marketing functions, including direct customer contacts through sales reps or retail locations as well as phone or e-mail contacts.
* Analytic capabilities to analyze and improve the effectiveness of marketing campaigns and inbound contact management.

Objectives of the study
1. To understand the fundamental concepts behind customer relationship management practices undertaken in the banks.
2. To study the technology used in banking sectors for adopting CRM practices in their banks.

Hypothesis
1. There exists a relationship between the technologies used in public and private sector banks.

Methodology
The methodology used in the study is explained below.
Data and Sources of Data: The study is based mainly on primary data. Primary data have been collected by issuing an interview schedule to the bankers.
Sample Selected For The Study: A sample of 15 banks (both public and private banks) has been selected for the study. The following are the banks which are selected:

Public sector banks
1. State Bank of India
2. Bank of India
3. Indian Overseas Bank
4. Canara Bank
5. Corporation Bank
6. Indian Bank

Private sector banks
1. ICICI Bank
2. IDBI Bank
3. HDFC Bank
4. UTI Bank
5. Karur Vysya Bank
6. ING Vysya Bank
7. IndusInd Bank
8. Centurion Bank
9. South Indian Bank

Number of sample customers: The interview schedule has been collected from 10 employees of each bank, and the total number of bank respondents comes to 150. The sample respondents are selected on the basis of the convenient sampling method.
Area of study: The study area is limited to Coimbatore district.

CRM Technology
CRM helps business to use technology and human resources to gain insight into the behavior of customers and the value of those customers. Dewhurst et al (1999) say IT can facilitate and enhance customer relationships in various ways, but mainly enables companies to attain customization, the essence of the customer-centric orientation, through the deployment of sophisticated customer relationship management (CRM) systems. Greenberg (2003) takes CRM as a business philosophy and strategy, supported by a system and technology, designed to improve human interactions in a business environment. Reynolds (2002) says CRM technology is not a piece of software snapped into an IT ecosystem, but through integration within a company's IT infrastructure, enables a business to develop, archive, and share customer information throughout a business to:
* Customer-specific need identification,
* Offer a personalized view of the business to customers,
* Most profitable business customer identification,
* Efficient and standardized customer care delivery,
* Most risky customer identification.

According to Reynolds (2002), CRM technology helps organizations to organize customer touch points. A properly customized and integrated IT ecosystem can enable a business to respond to a customer's needs instantaneously (e.g. keeping its catalog, web and sales team continuously updated on changes in products and prices). For instance, a company can set up CRM tools to send reminders about new products and services to existing customers. And it can implement one-to-one marketing, sorting through online customer profiles and purchase history to adapt new offerings to each customer's individual preferences. According to Reynolds (2002), customer relationship management applications can commonly include:
* Call Center Automation,
* Campaign Management,
* Contact Management,
* Data Warehousing,
* Email Management,
* Field Service Automation,
* Knowledge Management,
* Marketing Automation,
* Personalization,
* Sales Force Automation.

Call center automation: Today, companies are recognizing that being able to deliver a high-quality customer experience through call center automation is of major strategic value to the organization. Revenue generation and customer loyalty/retention are key objectives of call center automation. Accomplishment of these objectives requires an enriched, personalized, and consistent customer experience across all business channels. Many organizations discover, however, that their representatives are severely limited because systems are difficult to use and are not integrated.

Campaign Management: Campaign Management is a system for managing the full lifecycle of marketing campaigns: from the planning phase, through tests, rollout and adjustment, to the evaluation phase. The system facilitates reaching a profiled customer group at the right time, through the right communication channel and with the right information. A unique feature of Campaign Management is a possibility to integrate the mass, resulting in reduced cost of reaching a customer. Another unique feature is a mechanism for cyclical data update, ensuring a high efficiency of marketing campaigns.

Contact management: The success depends on well-organized contact data. Daily communication with clients means frequent meetings, calls, and e-mail, as well as interactions through web sites, mobile phones, and the like. An effective contact management and customer relationship management solution stores this important information, letting you retrieve it quickly and easily. Contact management is ideal for individuals or small groups of representatives working together.

Data warehouse: A customer-centric data warehouse that provides a unified view of customer data is the backbone of any successful CRM application. The analytical CRM data warehouse solution framework offers the following:
* Integrated customer views across applications, channels, geographies.
* Solution architecture including customer-centric data warehouses to handle synchronous and asynchronous touch points.
* Focus on data cleansing, match & merge to integrate customers.
* Customer-centric data model to capture and track customer product holding, product usage, contact history and events.
* A well-defined process model for design, development and implementation.
* Phased iterative implementation methodology.

E-mail management: Storing e-mail in a scalable document management system enables firms to make e-mail part of a unified engagement, project or matter file. Interwoven E-mail Management reduces the burden on e-mail servers, and transforms e-mail from an isolated knowledge source, visible only to the person to whom it is addressed, into an asset that can be shared across all bank branches, easily and securely.

Field Force Automation: Field Force Automation (FFA) solutions provide field force workers access to key business information via mobile devices. The solutions that support them are backed by our proven design methodology that unlocks the power of the enterprise, resulting in improved business processes, client response and satisfaction, and greater productivity and efficiency among employees. As a result, these solutions can help shorten cycle times for service and repairs, expand despatch capabilities, and improve accuracy and timeliness of service information and inventory data.

Knowledge management: Knowledge management comprises a range of practices used by organisations to identify, create, represent, and distribute knowledge for reuse, awareness, and learning across the organisations. Knowledge Management programs are typically tied to organisational objectives and are intended to lead to the achievement of specific outcomes, such as shared intelligence, improved performance, competitive advantage, or higher levels of innovation.

Marketing automation: A marketing automation application makes it possible to manage multichannel campaigns and provide up-to-date messaging to sales. Lead hand-off is automated to ensure that no opportunity is missed. Real-time analytics and reporting give marketers the tools to evaluate results and adjust campaigns to maximize them.
* Integrated marketing and sales application with automated lead conversion
* Real-time analytics to measure and optimize campaigns for best results
* Multichannel campaign management and analysis for a complete marketing solution
* Rapid deployment and award-winning ease-of-use to get users working quickly

Personalization: Personalization means using accurate and up-to-date customer data to introduce individual amendments for each and every customer which refer to past interaction, account information or preferences.

Sales force automation: A Sales Force Automation software package empowers the banking company with the ability to handle all that cumbersome, but crucial, information your salespeople and the organization depend on. Sales force automation software is a comprehensive system that lets bank managers and salespeople track leads, capture sales opportunities and access customer information anywhere, all while increasing the return on investment for your firm. A sales force automation software package integrates processes from both sales and marketing functions, because the sales side also depends on marketing to generate leads.

Rapidly improving technology has allowed organizations to make the best of each customer contact. New technology has made it possible to capitalize on the information held in back-office systems (accounting, purchasing, material management, distribution), as compared to previous technology, when only front-office (sales, marketing) information was available. Customers expect to speak immediately to a person who already knows all about them. A website or telephone system is expected to provide complete information that meets their needs.

Technologies used by the Banks
The advent and growth of information technology has paved the way for the growth of the banking industry in many aspects, and acts as a base for customer relationship management. Information technology helps the banks to provide services more effectively and quickly to acquire and retain customers. Table 1.1 states the technologies used by the banks.
The Author is Lecturer, Dept of Commerce, Bharathiar University, Cbe.


FAQ's in CBS
Q 1) In DL against FDR (SPL), branches are not able to enter a Demand Loan account number in ACM - C details. The acceptable accounts here are only SB, CA, CC and OD type only. Inspectors are observing that intt proceeds are not routed through DL accounts.
Ans) Give the operative account number in the C details of the ACM menu option for the said Spl FDR and thereafter create a SI in the operative account for transfer of the interest to the DL account.

Q 2) Which is the menu option to delink a Debit card from an account?
Ans) Use the SWCM(D) menu option to delink the Debit card from the account, at the time of account closure.

Q 3) When an account gets transferred from the Inoperative to the Operative category, does the signature also get transferred automatically?
Ans) No. The user has to manually modify the Image Access Code to 'AL' from 'IN' in each of these accounts using menu option IMGMNT. Thereafter verification of the record is also required.

Q 4) Which is the report for knowing the history of modification in rate of int. in any account since the beginning?
Ans) To know all the modifications in rate of interest in any account, a report has been provided at PNBRPT 3/31A.

Q 5) The FFD portion of the PNB Smart Roamer accounts is to be treated as a part of current deposits. As per the weekly, the amount of PNB Smart Roamer is being shown as a part of fixed deposits, which is affecting the ratio of prime deposits.
Ans) As per the existing guidelines Smart Roamer (FD) is part of Fixed Deposit, hence it has been included in Fixed Deposit in the Weekly/B/Sheet. For determining the component of the FD part of Auto sweep accounts, use the BR, ACS, ACSP menu option (gl_sub_head_code 10100) for scheme codes FDSMR, FLPSO, FLPSS, FDASG.

Q 6) The system is not charging interest in CC/OD accounts and the success report is giving 0.00 amount although the interest table code is correct as seen by INTTM.
Ans) The Limit Level Interest Flag in ACLHM 'S' details is set to Y but the rate of interest is not given in the account. Hence the system is not charging the interest. Please modify the ACLHM and set the limit level interest flag to N and verify, so that the system can charge interest in the account as per the Interest Table Code given at the account level in ACI - 0 details or INTTM. The interest for the period till this modification has to be collected procedurally, as the system cannot recover the previous interest in the account.

Q 7) In a Term Loan Housing/Vehicle Loan account of staff the system has not applied interest. The interest table code, the Sanctioned Limit and DP are properly given. When the interest is run through menu option LADGEN the report given by the system is blank.
Ans) Rephase the account through menu option ACM sub option E, where you mark Y in the 'del' field against the INDEM record and modify the PRDEM record with the remaining number of installments in the account and the amount, verify it and then run LADGEN.

Q 8) When trying to close a SF/CA account the system is prompting the user to run interest. Even after running interest through INTRUN, the system is again giving the same message and not allowing us to close the account.
Ans) Please check the Pay Interest Flag in the menu option ACI sub option 0. If the flag is set as Y, please modify it through ACM and set the Pay Interest Flag to N, verify it and then close the account.

Q 9) While rephasing the account the system is giving the Fatal Error Message: "Disbursement date is greater than Maturity Date" in verification mode while committing (F10).
Ans) This problem occurs in the case of accounts which have been migrated with flow_ids INDEM/PIDEM in the repayment schedule of the account. The resolution for this error is to rephase the account by marking the del_flg as 'Y' for the records with INDEM and/or PIDEM flow id, and to add/modify the record with PRDEM flow id by entering the number of installments left in the account and the revised installment amount.

Q 10) When a TL/DL account is tried to be closed the system is hanging.
Ans) In such cases, modify the Collect Int Flag ? in ACM - O details to 'Y', verify and then close the account.


Financial / Technical News


PNB to foray into credit card business by October
Punjab National Bank is planning to foray into the credit card business by October. The new card is likely to be a Visa credit card. The bank also has plans to bring more people under the financial inclusion project through smart cards and mobile banking. As part of its overseas expansion plans, PNB will open new branches in Shanghai and Norway and a subsidiary in Dubai during the next financial year.

PNB aims to expand N India base
Punjab National Bank aims to expand its base in northern India to provide banking facilities at the doorsteps of people as it declares 2008 the year of financial inclusion. However, PNB aims to cover the maximum population in the northern part of the country and provide them banking facilities in the year of financial inclusion.

E-Portal For ICT
RBI has launched an e-portal (www.ict.cab.org.in) on Information and Communication Technology (ICT) enabled financial inclusion efforts of banks. The e-portal is developed by the College of Agricultural Banking (CAB), a premier training institution of the RBI. The Reserve Bank has been encouraging banks to harness the power of information and communication technology (ICT) for reaching out to the unbanked population. The e-portal is envisaged to be a platform for sharing the knowledge and experience of banks in this area and, therefore, has the potential to aid in leapfrogging the extension of formal financial services to the un-served population.

'SAMBHAV' Card For Disabled
Mobile services provider Vodafone Essar launched the 'Sambhav' prepaid card, which is targeted at customers with hearing and speech disability. The card enables customers with hearing and speech disability to use mobile phones primarily for sending SMS. The idea behind it is that people with speech and hearing disability should not be deprived of the opportunity to communicate. India has 12 million deaf persons, and over 25000 deaf children are born across India every year.

R-Return
RBI has advised that all AD Category - I banks will be required to submit a bank-wide R-Return from the first fortnight of January 2009. Earlier there was an option to submit either branch-wise or bank-wise R-returns. R-returns are fortnightly returns submitted by all Authorised Dealer branches to RBI and are used for compiling Balance of Payment figures.

The Happy Planet Index
The Happy Planet Index (HPI) is an index of human wellbeing and environmental impact conceptualized by the New Economics Foundation (NEF). The index challenges well-established indices like Gross Domestic Product (GDP) and the Human Development Index (HDI), which do not take sustainability into account. In particular, GDP is seen as inappropriate, as the ultimate aim of most people is not to be rich, but to be happy and healthy. Conceptually, HPI approximates multiplying life satisfaction and life expectancy, and dividing that by the ecological footprint.

Bank on mobiles, car batteries for financial inclusion
RBI urged the banks to scale up IT initiatives for financial inclusion speedily while ensuring that solutions are highly secure, amenable to audit, and follow widely accepted open standards to ensure eventual inter-operability among the different systems. Apart from lacking banking facilities, most of rural India also lacks other infrastructure such as a good electricity connection. Considering this, some of the technology solutions were made ready to operate with car batteries.

IFC to help microfinance firms use IT in rural areas
International Finance Corporation, the private lending arm of the World Bank, and Financial Information Network and Operations will soon run pilot projects with microfinance institutions, banks and government agencies to make use of information technologies in rural banking. The focus will be on developing banking solutions that will help microfinance institutions automate government payments, banking and other financial services for rural customers. International Finance Corporation (IFC) is financially supporting FINO, a multibank-promoted company providing smart card-based solutions for financial services in rural areas. The release, quoting Manish Khera, CEO of FINO, said the initiative will help microinsurance providers process health insurance claims at lower costs and improve the flow of information to the insurer from the field. "FINO's smart card-based platform will also make social and pension payments more efficient, reducing the cost of transactions and ensuring the end-users receive payments on time", he added.

Training Calendar (April 08 - June 08)


Channel-I: CBS Training
(For Punjab National Bank functionaries only)
Prog# | Start Date | End Date | Days | Title | Participation level
531 | 08.04.08 | 12.04.08 | 5 | CBS - Credit module, DBA activities and IT Initiatives | Branch Functionaries
532 | 15.04.08 | 19.04.08 | 5 | Leveraging Technology NEFT/RTGS/ECS etc | Branch Functionaries
533 | 21.04.08 | 26.04.08 | 6 | CBS for Staff of newly migrated or going to be migrated branches | Branch Functionaries
534 | 28.04.08 | 03.05.08 | | CBS for Staff of newly migrated or going to be migrated branches | Branch Functionaries
535 | 05.05.08 | 10.05.08 | 6 | CBS - Credit module, DBA activities and IT Initiatives | Branch Functionaries
536 | 12.05.08 | 17.05.08 | 6 | CBS for Staff of newly migrated or going to be migrated branches | Branch Functionaries
537 | 19.05.08 | 24.05.08 | | CBS for Staff of newly migrated or going to be migrated branches | Branch Functionaries
538 | 26.05.08 | 31.05.08 | | CBS for Staff of newly migrated or going to be migrated branches | Branch Functionaries
539 | 02.06.08 | 07.06.08 | | CBS for Staff of newly migrated or going to be migrated branches | Branch Functionaries
540 | 09.06.08 | 14.06.08 | 6 | CBS - Credit module, DBA activities and IT Initiatives | Branch Functionaries
541 | 16.06.08 | 21.06.08 | 6 | CBS for Staff of newly migrated or going to be migrated branches | Branch Functionaries
542 | 23.06.08 | 28.06.08 | | CBS for Staff of newly migrated or going to be migrated branches | Branch Functionaries


Training Calendar (April 08 - June 08)


Channel - II : IT Training
(For All Banks)
Prog# | Start Date | End Date | Days | Title | Participation level
543 | 08.04.08 | 12.04.08 | 5 | MS Office Proficiency and Internet | Branch Functionaries / Administrative Officer
544 | 15.04.08 | 19.04.08 | 5 | CBS Refresher | Branch Functionaries / Administrative Officer
545 | 21.04.08 | 26.04.08 | 6 | CBS Refresher | Branch Functionaries / Administrative Officer
546 | 28.04.08 | 03.05.08 | 6 | MS Office Proficiency and Internet | Branch Functionaries / Administrative Officer
547 | 05.05.08 | 10.05.08 | 6 | CBS Refresher | Branch Functionaries / Administrative Officer
548 | 12.05.08 | 17.05.08 | 6 | MS Office Proficiency and Internet | Branch Functionaries / Administrative Officer
549 | 22.05.08 | 24.05.08 | 3 | Integrated Risk Management - Basel II | Branch Functionaries / Administrative Officer
550 | 26.05.08 | 31.05.08 | 6 | MS Office Proficiency and Internet | Branch Functionaries / Administrative Officer
551 | 02.06.08 | 07.06.08 | 6 | CBS Refresher | Branch Functionaries / Administrative Officer
552 | 09.06.08 | 14.06.08 | 6 | CBS Refresher | Branch Functionaries / Administrative Officer
553 | 16.06.08 | 21.06.08 | 6 | MS Office Proficiency and Internet | Branch Functionaries / Administrative Officer
554 | 23.06.08 | 28.06.08 | 6 | CBS Refresher | Branch Functionaries / Administrative Officer

APPEAL
e-track business of future strives to publish articles / papers to keep our readers abreast of current developments in the field of Banking and Information Technology. We solicit articles / papers from our readers. Articles may be of about one thousand words and are suitably remunerated.
Editor
