Wednesday, May 29, 2013

When the going gets tough …

Following posts (ATMmarketplace, realtime.ir and comForte Lounge, as well as commentaries to LinkedIn groups) on the $45 Million heist from ATMs, it is appropriate to wrap-up this story with input from a party directly involved …

It is rare that I am ever at a loss for words, especially after alighting from a car following a quick dash through the countryside. However, this past weekend, the Memorial Day long weekend, I participated in our club’s three-stage fun “rally” deep in Moab, Utah’s, surrounding national parks where I proceeded to head in the wrong direction. However, there was nothing wrong with what we saw as we traversed the landscape!

Margo and I were new to this club so when the instructions arrived, we saw there was incorrect information provided and confused as we were with what we saw, we pressed on regardless only to turn an easy, 53 plus mile segment, into a marathon 250 plus miles. I had to really drive hard to redeem some of my self-esteem so that I could face my fellow drivers later in the day.

On the other hand, I hadn’t given up electing to correct my error and to aggressively pursue making amends for my mistake. While this is easily said and done, when it comes to games, events of this past week highlighted the importance of taking similar actions in business. I have to believe almost everyone has heard by now that following the acquisition of Chrysler by FIAT among the very first decisions made by the new parent was to give the green light to the Chrysler division, SRT, for the development of a new Viper high performance car – a “halo product” for the reinvigorated manufacturer.

However,
when one magazine secured a new SRT Viper to test it on the famous Mazda Raceway Laguna Seca course in Monterey, California, its performance wasn’t quite up to the expectations, with the new SRT Viper failing to match the lap times of a previous generation Corvette ZR1. Ouch! How did the SRT CEO, Ralph Gilles respond? According to the magazine, Gilles response to the bad news was a showcase for what we should expect from our business leaders.

True, the initial response by Gilles was that GM and Corvette cheated, but then the magazine reported, “Here’s the important part. People like Ralph Gilles get where they are (president and CEO of SRT and vice president of Design for Chrysler) because when the going gets tough, they roll up their sleeves and do something”. A well-worn cliché for sure, but then the reporter went on to add, “In this case, Gilles pushed a new car out the gates in just nine weeks … Ralph tweeting (the magazine’s) editor-in-chief and me, ‘You forced me to build this!’”

Yes, this new Viper, what SRT now calls the Viper TA (Track Attack), was able to circulate Laguna Seca faster than the much-lauded Corvette ZR1. However, when it comes to IT, there have also been headlines of late that have drawn equally a hands-on response, and one that is worth recognizing.

Readers who check out my postings to other blogs would have been hard pressed to miss the column inches I have devoted to following up on the recent fraudulent raids perpetrated on the global ATM network. As I observed in my first post to comForte Lounge, Are you still sure you are secure?,  there was a global raid on ATMs with criminal gangs fraudulently pilfering $45 million in two separate attacks; the first on December 21, 2012, that netted $5 million, with the second on February 14, 2013, a much bigger attack, that netted an additional $40 million.

I devoted all of my most recent post to ATMmarketplace, Cruising to EMV eventuality? , to the same topic where I referenced a USA Today reporter who quoted Brooklyn U.S. Attorney, Loretta Lynch, as having said “
In the place of guns and masks, this cybercrime organization used laptops and the Internet. Moving as swiftly as data over the Internet, the organization worked its way from the computer systems of international corporations to the streets of New York City.”

Lastly, in the post to realtime.ir, We need to step up our monitoring – the crooks are getting smarter!, I referenced a May 9, 2013, article in the New York Times where the reporter said, “Beyond the sheer amount of money involved, law enforcement officials said, the thefts underscored the vulnerability of financial institutions around the world to clever criminals working to stay ahead of the latest technologies designed to thwart them.” What also came out in these reports were references to social media exploitation with the possibility that this was the first ever reported “crowd-sourced criminal attack” on a financial institution.  

These raids,
on the world’s ATMs, represented theft of an unparalleled nature. Caught up in the storyline, unfortunately, were our good friends at ElectraCard Systems (ECS), out of Pune, India. ECS were the payment processor supporting RAKBANK out of the United Arab Emirates where criminals helped themselves to $5 Million. Central to the theft were prepaid cards that criminals had manipulated to allow unlimited withdrawals – no matter how much cash was withdrawn from an ATM with these prepaid cards, there was always more cash available.

With ECS now very much in the headlines, I reached out to the ECS executives for further information. What impressed me, as I began a dialogue with ECS, is how quickly they have responded to news of their involvement. As soon as the second raid took place, this time on the Bank of Muscat, operating out of Oman, where $40 Million was stolen, ECS issued a press release. Yes, ECS had been involved in the first, smaller, attack and yes, ECS now knew how it was perpetrated and yes, ECS was working with agencies around the world even as ECS carried out a forensic exercise to determine the impact on card holders as well as users of ECS software. Furthermore, in accordance with agreements in place, ECS was pursuing recertification with the likes of VISA and MasterCard to ensure no further damage.

In an interview I had with ECS Senior VP, Madhu Gopinath, as the news was breaking, he told me “When it comes to open-loop prepaid cards, there’s a fine line between growing a marketplace, embracing new populations of users, and the risks involved.” Madhu then gave me the link to the ECS  press release on Sunday, where ECS had assured users that “the PIN and magnetic stripe data seem to have been compromised outside the ECS processing environment.”

I now fully understand how the attack succeeded, but as I have already told others, the fact that I do know doesn’t obligate me to share any of the details. For the NonStop community what I can talk about is that even as the ECS product, Electra, runs today on NonStop, on this occasion, ECS was supporting RAKBANK from an implementation running on Unix. Having said this, I have to also admit that I don’t think the choice of platform would have produced a different result – NonStop could have just as easily been compromised.

However, what really impressed me was how ECS CEO, Ramesh Mengawade, like SRT’s CEO, Gilles, moved quickly – calling in the authorities, issuing a press release, and giving commentators like myself immediate access to key executives, including Madhu. At no time did ECS tried to duck key questions or ignore any of my requests. On the contrary, Madhu was quick to assure me that, “
No other clients were impacted, and no end-customers or individuals were affected at all; some of our customers just use our software; there was absolutely no impact to them.”

It is easy to get lost, just as it’s easy to accept inaccurate information. When it comes to money, there will always be those within our society only too willing to try to steal it. However, when fraudulent activities on this scale are uncovered, it isn’t always easy to confront the marketplace. Particularly when you are obliged not to discuss specifics, even as criminal investigations remain on-going, and your ability to provide explanations may be limited.

With this in mind, it is refreshing to see just how forthcoming ECS has been, and I have to believe such willingness to be as transparent as they have been encourages others to do so in the future. Not all of us feel comfortable rolling up our sleeves even as the going gets tough, but on the other hand, isn’t that what we expect from all of our industry leaders?
 

Tuesday, May 14, 2013

It’s Showtime! NonStop takes on Vegas!

With the 2013 HP Discover event only weeks away, even as many NonStop users remain undecided about their participation, I continue to rank participation highly! See you there …

This past weekend I overnighted briefly in Las Vegas. Business took me to Southern California for both, track time and client meetings. However, the impressive skyline of Las Vegas is hard to miss and it was easy to spot the Venetian and Palazzo hotels – the site for this year’s HP Discover event that will kick off in about a month’s time.

I have already spent several weekends in Las Vegas this year and the picture above, that I took a short time ago, is of the Bellagio fountains with the Paris hotel in the background – sites that are just a little further south along the famous Las Vegas strip. It was following the ITUG event of 2005 that a group of us rode motorcycles from San Jose back to Boulder, and the only regret I have to this day is that we didn’t avail ourselves of the opportunity to cruise the bikes down the strip, and of course that Margo could not make this trip!

However, when it comes to HP big tent events, I never have any regrets about taking time away from my daily routines to listen to what HP has to say. The stories that I write after the event often feature quotes from HP executives and for me, it’s just so important to hear them first hand, unfiltered, in context, and then to immerse myself in the discussions that almost immediately follow as we spill back out onto the exhibition floor.

Earlier in the week, I posted to the comForte Lounge blog site
The future is moving fast … where I remarked on how I am never surprised by what transpires at big tent marketing events, like HP Discover, and I am never surprised to see familiar faces as I walk into sessions or onto the exhibition floor. Last year, I then added, I was pleased to see such tangible support for the NonStop platform clearly visible in technology presentations and product demonstrations and I am hopeful that once again, such tangible evidence is on show for all within HP to see. But will we enjoy a similar experience this year? Will NonStop be as visible as we all would like it to be?

Whenever I think of Vegas, I think of entertainment – the many shows that are on hand. Last year Yash Kapadia, CEO of OmniPayments Inc., entertained many of us at the Cirque du Soleil performance, Elvis. “The opportunities to network make HP Discover too important to miss,” Yash told me at the time. “As for the event this year, I hope to be able to convey to HP just how much success we have enjoyed from deploying on the NonStop system!” Coming back to the hotel after the performance by Cirque du Soleil I couldn’t help but wonder, how many folks within the HP community realize that NonStop continues to support some of the biggest casino operations or just how dependent the flow of money along the strip is on NonStop systems?

For many within the NonStop community, the big event for the year will be the
NonStop Advanced Technical Boot Camp in San Jose, CA, on November 3-5, 2013, with perhaps many among the NonStop community electing to skip HP Discover. Scanning the program for the Vegas event doesn’t produce all that much NonStop-specific content. However, there’s more to these events that the keynotes and product sessions – just having an opportunity to catch up with senior HP executives makes participation worthwhile. When the curtain goes up for the first time then yes, it’s showtime for HP, but it’s also a showtime for NonStop.

Last year, three of the four examples in the opening presentation of customer usage of HP products made by HP CEO, Meg Whitman, featured well-known NonStop users and it triggered a lot of discussion amongst the attendees – anyone with knowledge of NonStop was only too happy to make all other attendees aware of this fact. Not the least being me, of course! In the moments immediately following this presentation I happened upon Mark Brayan, CEO of IR, and this fact hadn’t escaped him either.

A short time ago HP took the decision to reshuffle the organization once more, and this time, it directly affected the NonStop community. In a
press release of April 29, 2013, “What used to be HP's Business Critical Systems (BCS) and Industry Standard Server (ISS) units are now one business called HP Servers. Mark Potter, formerly senior VP and general manager at ISS, will lead the combined server unit, also as senior VP and general manager … Products under this unit's wing will include HP's microservers called Moonshot, its ProLiant and BladeSystem x86 product families and the Integrity product line.”

For many reasons I laud this decision. As I recently expressed in a private email to my clients, I never did like the concept of there being an “Industry Standard” group where NonStop didn’t participate. It just made no sense, given all the commoditization that has occurred within NonStop! Of course, the obvious question that follows this announcement has to be how will this help NonStop? Will there be anything we regret with the demise of BCS?

I have spent a lot of time talking with the NonStop vendor community and there is no escaping the doubts surfacing over the take-up of NonStop among Global 1000 companies. However, I am not sure whether this is a communication issue or just a short-term pause – after all, the acceptance level of the NonStop BladeSystems has been extremely high across all GEOs. Perhaps these doubts about the success of NonStop have more to do with users coming to terms with just how much NonStop power they now have on tap and having business managers turning to them for support of further mission-critical applications. Ask any HP executive associated with servers, and they remain firmly bullish on the prospects for NonStop.

In the same press release of April 29, “HP also announced that it will align its two server businesses under a single leader to increase the speed of transformation of the server industry and drive profitable growth.” Will this alignment be enough to ensure a future for NonStop? After all, and for many years now, the mantra of NED was all about ensuring NonStop remained profitable, reiterating that without being profitable there will be little likelihood of any future for NonStop at all. From where I sit, I have to say, I think so!

HP Discover is now just a few weeks away and it will give HP the opportunity to showcase its products, its technology, and its new organizations. Catching up with HP executives is likely to prove imperative for many within the NonStop community. I will be busy, as will a number of my clients (I am sure Yash will not be alone promoting his success stories), but for those from the NonStop community who will participate – look for me in the Bloggers Lounge as I would welcome every opportunity to catch up with you. After all, it will be showtime and I wish all those planning on attending, safe travels!