One piece of analysis that caught my eye was done by Nanex (the creator and developer of NxCore, a streaming whole market datafeed) who claim to have uncovered a phenomenon they call “quote stuffing”. This entails generating a very high number of quotes for a single stock for a short period – e.g. as high as 5,000 quotes per second – that are away from the market price. Nanex argue that there is no normal economic justification for this, but that it may be a deliberate tactic by one trading firm to overload its competitors systems with large amounts of irrelevant quote noise. The originator can ignore these quotes as they know they deliberately generated them, but its competitors need to process them all to work out if they are relevant. In this way, they argue, one trading firm can generate a competitive advantage over its competitors as it can process normally whilst the others are overloaded. However, not only would this be anti-competitive, but also if multiple firms all started to do this at the same time then the market would grind to a halt. To avoid this, Nanex propose a small but they say effective technical change to the validity of quotes. This is in contrast to other proposals from regulators and politicians. For them, despite the absence of definitive proof of the causes of the Flash Crash, they claim they know what the cure is. Surprise, surprise it is more regulation.

This article was originally published in the MPI Financial Sector Bulletin to register go to http://www.mpi-europe.com/register.asp

The following key trends were identified:

- Use of commission sharing agreements (CSAs) is well-established for sophisticated buy & sell side firms
- Market’s use of CSA’s set to continue to increase over next year at least, with over half of the respondents saying they thought CSA’s increased efficiencies in the investment process, particularly for asset managers.
- Better integration into trading process and greater market standardisation were seen as two of the key areas that will have significant process impacts, if they can be addressed effectively.

For more details read the press release

The cooperation will pave the way for an interoperable and contactless payment environment for mobile phone users of Korea and Japan, allowing customers to enjoy easy and convenient payment and services such as coupon benefits, without the need of renting and changing phones when visiting the two countries.

Besides the contactless payment solutions currently in use in Japan and Korea, Combi Card, the signing companies have confirmed their intent to cooperate on developing a new type of integrated mobile card and coupon solution based on Near Field Communication (NFC) technologies, allowing for interoperability in both countries.

The singing companies will offer a new mobile NFC solution that is operable on handsets embedded with a NFC card and RFID function. When the NFC-based payment system roll-out is complete, NFC phone users in Korea and Japan will be able to make mobile transactions after downloading a mobile payment application to their phones. Mobile coupons, membership discounts and mobile gift vouchers, which are already in use in Korean and Japanese markets, will also be available via NFC handsets.

Hong Sung Chul, executive vice president and head of service division of SK Telecom, said: “It is encouraging that mobile carriers of Korea and Japan have joined hands to promote mobile payment business. We hope this cooperation can become a strong springboard for boosting the overseas growth of SK Telecom’s comprehensive mobile payment service, T smart Pay, starting with the Japanese market.”

A report by Ovum, entitled The Malware Threat to Mobile Banking, also calls for more collaboration, saying that banks providing m-payment services need to begin working with mobile network operators and handset manufacturers to enhance security measures ahead of an anticipated explosion in malware threats.

The analyst firm believes that mobile banking and payments is inherently vulnerable because handsets can be stolen, lost or hacked more easily because they are used in situations that are typically less secure than an office or household computer. This is why the report’s author Graham Titterington, is calling for banks, network and device vendors to cooperate more fully, perhaps emphasising better encryption to stop ‘over the air’ mobile hacking and better keypad locking techniques and so forth. He also emphasises this is not just an end user issue, warning that malicious software could infect a bank’s entire operations, via the mobile channel, unless security is enhanced. “IT malware that compromises back-end servers, but is harmless in the wireless environment, may be passed through the interface,” he said, adding that mobile phones had become powerful enough to constitute a standalone security threat to entire IT architectures.

Ovum advises that layered defences have to be designed to a standard that is at least equivalent to that presently deployed for internet banking, but these security measures should not just be a simple copy and should be specific to the mobile channel and its characteristics without impairing end user usability. Quite a challenge then, but better encryption and cooperation is a good place to start.

For the full report, please see FSTech Magazine

I’m reliably informed that in a city of one million residents, on average an additional thousand cars a day are added to the transport infrastructure. And as a recent victim of one of those “newbies” you realize that the chances of something going wrong increases every day.
And in the world of IT security the same situation applies. In a recent analysis by a global financial organization they have estimated that the number of digital certificates for SSL encryption that they use will increase by 100% over the next two years. The growth is driven by several factors such as, mergers and acquisitions, an increase of encrypted channels, baseline compliance enforcement, and the utilization of certificates for service client authentication.

SSL is a form of encryption that is used to encrypt and decrypt and is also referred to as Public Key Cryptology (PKI), and is used for services such as web services, encrypted email, etc.

The challenge for virtually every organization is how to reduce outages caused by the inefficient management of digital certificates within the business. Due to the lack of automation, these organizations have many engineers performing certificate renewals, resulting in the inefficient use of these resources whose time could be spent on other tasks.

Yet in spite of having a “flock of IT staff” performing these renewals the analysis has shown that these organizations suffered hundreds of hours of production outages, directly related to expired certificates and/or the certificate management processes in a six month period!
And these outages are increasing exponentially as the number of certificates being managed by the business increases. The result is that without automation of these processes the problem is only going to get worse and more organizations are going to suffer from both increased negative financial and reputational impact

So my advice would be for organizations to automate the process of certificate management to reduce the “accident rate” After all if more of us went by train there would be less chance of being the victim of somebody who wasn’t paying full attention when they were “behind the wheel”.

Read more here

For the full report, click here

Bank of America, Europe’s largest credit card provider under its MBNA subsidiary, is offering a new mobile banking text service to European cardholders, via a partnership with Oxygen8 Communications, the micro-billing and mobile enablement specialist. Users can request account information by SMS, get alerts, and benefit from a text message-based fraud prevention service.

The mobile banking text service from Oxygen8 acts as a gateway to information between Bank of America and its five million MBNA European cardholders. Customers can initiate requests for account information, including balance, payments and transaction details via an SMS request to a dedicated mobile short-code number, or to a more traditional mobile should customers prefer to take advantage of any text messages included within their mobile plan. The flexible service can also send out alerts, as was the case recently when the bank used it during the recent volcanic ash cloud disruption in Europe, as a means of keeping in contact with its customers while they were abroad, often relying on their cards to keep them sheltered and fed.

“As the market evolves with new and improved technology, our customers’ expectations change too,” says Phil Weston, head of mobile services at Bank of America, when explaining the rationale behind the new service. “Customer research has shown that people want far greater choice about how and when they obtain account information. Through mobile messaging, and the web and voice recognition services we offer to check identities and prevent fraud, we are investing heavily in meeting our customer demands.”

To compare the opposing camps, one should run a Sanity Check to test their perceptions. First of all, ask the question – have there been any serious security breaches outside the Cloud, associated with internal hosting facilities – Answer Yes! OK, so now consider Cloud – are we saying that there are no opportunities for insecurity to exist in a Cloud Managed Services – No, we are not – The ideal of achieving 100% Security, for 100% of the time is simply a myth.

It all comes down to the levels of real time operational security which are delivered to support operations, and here it just may be the case that the Cloud offering has the edge. Consider, the average business, who must deploy IT as a necessary evil, to underpin business operations – and at times, the element of security may come a poor second to some urgent business need, and security just may cut some corners!

In a well-managed Cloud environment, no such Business centric pressure exists – Cloud objectives and vested interests are to deliver operational uptime, and security, aligned the individual client contracted obligations. As with outsourcing, businesses found by leveraging the required level of Governance, Control, and Security Ownerships, it was possible to contract, and obligate security services that met their demands – and given time, linked to options of third party security assessments, such as those provided under CAMM, this will be achievable.

For more information on Cloud Security – visit www.common-assurance.com.

Professor John Walker FBCS CITP CISM MFSoc A.IISP ITPC MIoD

Member ENISA CEI Listed Experts – http://www.enisa.europa.eu/

ISACA Security Advisory Group

e-victims Advisory Council

CTO of Secure-Bastion

Considering such current, and growing dependencies, would it not seem to suggest that this invisible labyrinth of the interconnected grid representing the Internet, running through just 13 Root Servers, would seem to be an excelled target for Criminals and Cyber Warriors alike? Is it not the case that as a social, and economic Nation, or International Community, the ungoverned Internet now, in places, may be considered Critical Infrastructure.   Above all, could this be the next platform of serious escalations of conflict in the form of Cyber War? Who knows, but one thing is for certain, with ever more advances of dependency, use of Cloud based environments, linked to increasing dependencies on distance located Services, Infrastructure and Platforms, one fact is real – they make ideal potential targets to strike at the very root of an Economic Critical Infrastructure, Services, and in pure insurgency terms, to break down, and impact the morale of a Nation or State.

In the opinion of many, the prospect of a future Cyber War is very real, and whilst it may not be considered a present danger today – to dismiss, or ignore its potential just may be one mistake we can never reverse in the future!

For more information on securing the new emerging World of Cloud – visit www.common-assurance.com.

Professor John Walker FBCS CITP CISM MFSoc A.IISP ITPC MIoD

Member ENISA CEI Listed Experts – http://www.enisa.europa.eu/

ISACA Security Advisory Group

e-victims Advisory Council

CTO of Secure-Bastion