By Bob Evans, SVP and Director, InformationWeek’s Global CIO September 22, 2009

Archaeologists recently found a stone tablet dating from about 2,500 years ago bearing the message, “The job of the CIO is to align IT with the business.” And it seems that for just about all of those 2,500 years, that’s been pretty good advice that CIOs from across all industries have taken to heart.

But just as those 2,500-year-old systems and applications in the basement no longer match up to the needs of today, neither does that ancient wisdom about alignment — which is starting to break down under new business realities, new market dynamics, new customer expectations and new technologies.

Someone is bring the smackdown this Friday and I love it. Great article that all CIOs & IT folks can learn from. Have a great weekend!

“More and more Americans are using mobile devices for banking, and we want to be there for our customers where and when they need us – whether they are waiting in line at a store or traveling by bus,” said Arah Erickson, vice president and head of Wells Fargo Retail Mobile Banking. “The added ability to transfer funds while on the go will be especially helpful for parents who have kids in college this fall as well as for students who need quick access to money at the last-minute to cover living costs, textbooks, or to split an expense with a roommate.”

Wells Fargo Mobile customer-to-customer money transfer service is free*, fast, safe and easy-to-use. Customers simply log-on to online banking, add the account number of the customer to whom they wish to transfer money and make a first-time transfer. Subsequent transfers can be made from customers’ mobile devices by logging onto WF.com and following the prompts, or online from their computers. Customers can transfer up to $1,000 daily to another customer the moment they think about it, taking it off the “to do” list.

This makes total sense to me. After services like Obopay and Kiva that are leveraging mobile I was wondering who’d jump on this first BofA or Wells. To take it internally only is smart on their part as well as it allows them a test bed without worrying about cross-network issues.

Reminds me of our collaboration mantra too: Until you effectively learn to collaborate internally can you respectfully collaborate externally.

A+ to Wells.

- Brad Garland

Intuit will acquire the free online personal finance service Mint, we’ve confirmed from a source close to the deal, for around $170 million. Silicon Alley Insider first reported a rumor on this. The deal should be announced in the next few days.

This is a terrific exit for Mint, which first launched two years ago at TechCrunch50. Mint took the top prize at that event and has been growing fast ever since. Their last round of financing valued the company at $140 million.

In all, Mint has raised $32 million over three venture rounds.

Earlier this year Mint and Intuit had a humorous clash over Mint advertising claims of gaining 3,000 new users a day and jumping from 600,000 to 850,000 users in a matter of months. Intuit sent a letter to Mint demanding an explanation for this apparently inconceivable feat, which we obtained and printed here.

We have just one question for founder and CEO Aaron Patzer, though. Can we please have our $50,000 grand prize back? It seems like you don’t really need it any more.

Wow, $170 million. For an online banking replacement? Bankers take note!

No Bank Account Needed

Other Nokia executives portrayed the new product as just one in a series of initiatives. Potentially more momentous in global terms is Nokia’s push into mobile banking. Similar services in countries such as Kenya have been hugely successful because they let people without bank accounts do money transfers, make purchases, and carry out other simple transactions using text messaging.

I’ve long said that as it currently stands, it’s going to be nearly impossible to become PCI compliant using any of the cloud based solutions.  Scanning, auditing and even the contractual requirements of PCI guarantee that you won’t be able to be compliant if you’re using the cloud.

Great article showing the transparency of Amazon when it comes to stating that they can’t ensure PCI compliance via their EC2/S3 services. Why would they want to do though? They’re on-demand type of services that would not make sense for Amazon to do. I think cloud based compliance is a possibility and we are working to solve this problem ourselves! :)

2. Governance. Many organizations now understand that anything that can and will be said about them on the internet will be. The good, the bad, the ugly. And this includes content produced not only from the general public, but also from internal constituents such as employees. Organizations will not only need to begin actively listening so that they are in the know, but they will need rules of engagement for how they deal with multiple types of scenarios from responding to a compliment to dealing with a detractor to following up with an employee who just posted something inappropriate or sensitive.

This is a good article in itself but the second point here really got me thinking about our industry in regards to the compliance side of this business.

We have built our company around the fact that our clients were needing someone to have expertise and experience around particular financial services technology environments but our focus has generally been internal. Does this change things? Does this begin the shift to external communications being infused in the compliance process?

With a new level of transparency available to businesses comes a new level of compliance concerns.

August 13, 2009 - 10:16 A.M.

Heartland CEO gets a smackdown after his CSO interview

3 comments

• TAGS:blaming QSA, Heartland, PCI DSS, Robert Carr
• IT TOPICS:Cybercrime & Hacking, Government & Regulation, Security

If you are reading this, you probably know about Heartland Payment Systems and the credit card system breach they suffered in late ‘08 - early ‘09.  There a lot of details to be found, so I won’t rehash it all.  So let’s just focus on one point: Heartland had been declared PCI compliant before the breach.  And that is the focus of Robert Carr, Heartland CEO, in his interview with Bill Brenner at CSO Magazine.  He places the blame for his breach squarely on PCI DSS and the QSAs (Qualified Security Assessor) that audited Heartland’s PCI compliance.  And that is why Rich Mogull got out the can opener and proceeded to open a big can of whoop-a$$. 

Honestly, Rich has already done a better job than I could do on explaining why Mr. Carr’s statements were misguided at best.  So I will just point out a few quotes and leave you to read the interview and the post. 

With the increasing number of collaborative business models, information databases and social networks, sharing and managing identity and access information has become critical. Compliance regulations, Sarbanes-Oxley, Basel II, FISMA, HIPAA, PCI/DSS and the like, play a larger role when establishing processes and controls to mitigate internal and external risks.

Seems so logical to me, why do people fight this so much? This passage resonated with me the most:

“Plan
The first step in IAM governance is establishing agreed-upon business objectives and priorities, including executive sponsorship. Then the organization should perform an internal process and data discovery assessment and examine the processes for bringing users into and out of the organization.”