Tuesday, June 15, 2010

The Free Market Gang

It is quite difficult for me to write about the state of our current free market without making reference to the corrupt politicians as the enablers of this greedy system. However, I will change course this time, refrain from complaining and try to offer solutions based on my juvenile understanding of the economics and the politics of the United States.

The definition of what a corporation is, its activities, liabilities, and main mission needs to change. As it stands today, a corporation is a person who has no soul and no cognitive understanding of ethics. Its main mission is to increase shareholder value.

The above rules of engagement are an open invitation for greed and unethical conduct. I can guarantee you that no Nike shareholder is complaining about how Nike exploits the poor people of Thailand. As long as the dividend payments keep coming in, who cares how the money is made.

Liabilities should be set on those running the corporations so that their decisions are taken with a certain rationale in mind. Had we learned anything from the Exxon disaster in the late eighties we wouldn’t have had BP; we set a timid limit on what oil companies are liable for when they cause accidents. What is 80-some million dollars in penalties to a company that makes tens of billions in profits a year? Of course they will happily pay the penalty.

No need to get into investment banks that engage in phantom activities that produce products and services that add no value to our society.

Perhaps, the business leaders of this country need to reflect back on history and look into the souls of the founding fathers of this land. Those people truly and ethically tried to create a system that benefits the common man and that’s what made this country great.

Perhaps Dr Muhammad Yunus, a banker and Nobel Peace Prize recipient, is just one of those leaders who advocate the need for social-value-driven businesses alongside profit-driven businesses. In a spectacular lecture before the Commonwealth Club he showcased in detail many of his successes in offering opportunities to the poor, mainly women, so that they can run small businesses and thus educate their children and prepare them to become vital elements of society. I think we need more of him.

Ahmed Tantan

Tuesday, June 8, 2010

IF


If you can keep your head when all about you
Are losing theirs and blaming it on you;
If you can trust yourself when all men doubt you,
But make allowance for their doubting too;
If you can wait and not be tired by waiting,
Or, being lied about, don't deal in lies,
Or, being hated, don't give way to hating,
And yet don't look too good, nor talk too wise;

If you can dream—and not make dreams your master;
If you can think—and not make thoughts your aim;
If you can meet with triumph and disaster
And treat those two imposters just the same;
If you can bear to hear the truth you've spoken
Twisted by knaves to make a trap for fools,
Or watch the things you gave your life to broken,
And stoop and build 'em up with worn-out tools;

If you can make one heap of all your winnings
And risk it on one turn of pitch-and-toss,
And lose, and start again at your beginnings
And never breathe a word about your loss;
If you can force your heart and nerve and sinew
To serve your turn long after they are gone,
And so hold on when there is nothing in you
Except the Will which says to them: "Hold on";

If you can talk with crowds and keep your virtue,
Or walk with kings—nor lose the common touch;
If neither foes nor loving friends can hurt you;
If all men count with you, but none too much;
If you can fill the unforgiving minute
With sixty seconds' worth of distance run,
Yours is the Earth and everything that's in it,
And—which is more—you'll be a Man my son!

Tuesday, May 25, 2010

Credit Card and ACH Tokenization


In today’s economy, companies are more and more offering their products and services via electronic means. In essence the entire economic spectrum is growing aggressive over how fast and how many transactions can be executed over a time period, and thus companies have made every effort to ensure service Availability to drive more revenue. But this e-commerce surge came at the expense of customer data Confidentiality.

In the last few years the e-commerce industry witnessed some blockbuster data breaches. Without naming any particular institution, the extent of these compromises was devastating and affected millions of consumers and ultimately cost merchants millions of dollars. The number one reason behind these breaches, according to industry experts, is the merchant’s inability to effectively store and protect cardholder data.

PCI-DSS is the de facto industry standard for the security and the protection of cardholder data. In effect, every entity that stores, transmits, or processes credit cards is subject to compliance with the PCI-DSS requirements put forth by Visa and MasterCard, or risks losing the ability to accept credit cards as a form of payment, or even worse, in the case of compromise, getting slapped with hefty penalties along with a major blow to its reputation.

PCI-DSS requirements are very strict and highly encourage NOT storing cardholder information unless there’s a business need to keep it. Many merchants feel that they must store cardholder data for one reason or another, but this decision comes at the high cost of becoming compliant with the 200+ PCI-DSS requirements. Based on surveys, the average cost of PCI compliance is around 500,000, but it can be in the millions depending on the size and complexity of the organization.

Payment Processors have developed and perfected a Tokenization solution that alleviates the costs and the challenges associated with storing customer payment account data, including ACH and Credit Cards. The Payment Processor encrypts and stores cardholder data in a highly secure environment and returns a unique token per payment account number. The merchant can store this token and use it to invoke future payments or refunds. Most importantly, in the event of theft this token is of no value to criminals: they can’t use it to make purchases or sell it to some other entity.

Payment Account Tokenization Step by step:

  • The merchant transmits a payment transaction over a secured channel (SSL).
  • The processor processes the payment and stores the payment information in a high-security, PCI-compliant environment.
  • The storage server or servers return a unique token to the merchant.
  • The merchant stores the token instead of the credit card or bank account information.
  • The merchant uses the token for future payments or for refunds as needed.
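The exchange above, as an added example that is not part of the original post or of any processor's product: a toy processor-side vault and merchant-side record that show why a random token reveals nothing about the card number and is useless to whoever copies the merchant's database. The vault model, the merchant binding of tokens, the Luhn pre-check and the sample card number are all assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass

PAN_SAMPLE = "4111111111111111"  # constructed sample: a standard test number, not a real card


def luhn_ok(pan: str) -> bool:
    """Basic card-number validation (Luhn check) before anything is stored."""
    if not pan.isdigit() or len(pan) < 12:
        return False
    total = 0
    for i, d in enumerate(int(c) for c in reversed(pan)):
        if i % 2:  # double every second digit from the right, folding two-digit results
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class ProcessorVault:
    """Stand-in for the processor's PCI-scoped storage (assumed model).
    The PAN never leaves it; the merchant only ever sees the random token."""

    def __init__(self) -> None:
        self._records = {}  # (merchant_id, token) -> PAN; encrypted at rest in a real vault

    def tokenize(self, merchant_id: str, pan: str) -> str:
        if not luhn_ok(pan):
            raise ValueError("invalid card number")
        # Random token, not a hash or cipher of the PAN: nothing to reverse or brute-force.
        token = "tok_" + secrets.token_hex(16)
        self._records[(merchant_id, token)] = pan
        return token

    def charge(self, merchant_id: str, token: str, cents: int) -> bool:
        # A token is honoured only for the merchant it was issued to (assumed binding),
        # so a token lifted from that merchant's database buys nothing anywhere else.
        return cents > 0 and (merchant_id, token) in self._records

    def refund(self, merchant_id: str, token: str, cents: int) -> bool:
        return self.charge(merchant_id, token, cents)  # refunds are token operations too


@dataclass(frozen=True)
class MerchantRecord:
    customer: str
    token: str
    last4: str  # kept for receipts; on its own it is not cardholder data


def onboard_card(vault: ProcessorVault, merchant_id: str, customer: str, pan: str) -> MerchantRecord:
    """Steps 1 to 4 from the merchant's side: send the PAN once, keep only the token."""
    return MerchantRecord(customer, vault.tokenize(merchant_id, pan), pan[-4:])


def record_exposes_pan(rec: MerchantRecord, pan: str) -> bool:
    """What a copy of the merchant database would reveal: the full PAN must be absent."""
    return pan in repr(rec)
```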

In addition to the obvious risk reduction from not having to store cardholder and ACH data, the merchant’s PCI compliance process is dramatically simplified and less costly.


Ahmed Tantan is Co-Chief Information Security Officer in charge of compliance at PayDQ, a Level 1 payment processing company in Council Bluffs, Iowa.

www.paydq.com

Tuesday, May 18, 2010

Morocco to create new financial hub

It is a great idea and an awesome opportunity for Morocco to attract foreign investments as well as stir up the financial industry locally, especially since Morocco is in the process of launching a fantastic solar energy program which should spur energy and carbon credit trading.

However, as the article states, a major new infrastructure needs to be created. Based on my experience with the American financial market, confidence in the rules governing the system is the most important factor in the market. Without confidence there’s no trade, and no trade means no investments. The number one reason the US government issued TARP was so that investors would not lose confidence in a market that is mainly based on trust.

Thus, Morocco will need to acquaint itself with three concepts that it only knows in theory but not in practice: TRANSPARENCY, INTEGRITY, and ACCOUNTABILITY.

A market that does not employ these three concepts in its fundamental makeup (infrastructure) is doomed to fail.

Ahmed Tantan

Wednesday, April 28, 2010

Ahmed Tantan. The internet is not a lawless prairie

As a security professional with a special interest in internet privacy and the challenges it poses, I find this article quite interesting, or maybe even a turning point in what I believe is a much needed move to bring order to this chaotic internet.


http://www.cio.com/article/590609/Milan_Judge_the_Internet_is_Not_a_Lawless_Prairie

Ahmed Tantan

Wednesday, January 13, 2010

Does IT really suck?

http://www.computerworld.com/s/article/9141609/Opinion_The_unspoken_truth_about_why_your_IT_sucks?taxonomyId=14&pageNumber=1


In my opinion, while businesses are expected to find new ways to generate more revenue, I question the way we went about it.

From experience, from my time as an intern in networking through my current position as head of IT, I have always found that the time and money spent on the functional requirements of a project is, on a good day, about 1/3 of the total resources the project requires.

Example:

How many lines of code are needed to validate and authorize a credit card? (Not that many.)

But the lines of code needed for memory management, garbage collection, exception handling, authentication, authorization and transaction management are far more.

Furthermore, our system as a whole must fulfill the CIA test (confidentiality, integrity, availability). And to accomplish that, we deploy all kinds of firewalls, IDS/IPS, load balancers, application firewalls (to protect the bad programmers), fraud systems, monitoring systems, etc.

But when I stepped back and asked myself why all this, I couldn’t help but question our choice as business people of the protocol HTTP to carry out our revenue-generating aspirations.

HTTP was created for the sake of information exchange in academia. Its stateless nature allows students and researchers to bring knowledge closer to one another with relative ease. But we the business community had other plans; we needed to make money over HTTP. Conceptually it is the right thought process: a bunch of people come to this one place called the internet, why not sell them something? But there was a problem: the statefulness of business transactions over a stateless protocol is like a square peg in a round hole, and we all know that the outcome is not a perfect one. Not only that, the user on the other side of the transaction is unknown, anonymous.

The unknown user and the imperfection of HTTP are what we are trying to correct by attaching non-functional requirements to every project. Unfortunately they come at a very high price in terms of employees, time, and complexity. Think about it: in its simplest form HTTP allows spammers to disrupt your business at will. They can disrupt your business from anywhere on the planet at the stroke of a button. I can list many more examples: denial of service attacks, viruses, identity theft, phishing, SQL injection, etc.

In short, I truly believe that IP, DNS, HTTP, FTP, Telnet are not good enough for legitimate business. And that’s my honest opinion. Perhaps the business community can adopt a new internet where the participants are known.


Ahmed Tantan