Compliance

TFTP – A Government-to-Business Bulk Data Transfer Utility

The tech sector headlines over the past few weeks have been dominated by discussions about the privacy policies of Facebook, Google and Yahoo, both in Europe and the US. Why doesn’t anything controversial like this ever happen in the B2B e-Commerce sector? You might be surprised to learn that consumer and business privacy issues do arise in B2B. And you would probably be even more surprised to learn that the issues are so significant that they make the front page of the New York Times. And you would be in disbelief if I told you that these data privacy concerns are considered strategic issues by the European Parliament, the US Federal Bureau of Investigation and the Central Intelligence Agency. In this post, I want to highlight an example of how B2B networks are being used to track money-laundering activities of Al Qaeda terrorist cells through a system called TFTP.

What is TFTP?

If you are a B2B e-Commerce practitioner or regular reader of this blog you might have guessed that TFTP is yet another proprietary Managed File Transfer protocol that is creating barriers to frictionless commerce. Unfortunately, you would be incorrect. TFTP refers to the Terrorist Finance Tracking Program that was initiated by the Bush Administration shortly after the September 11th attacks. The objective of the program is to identify and cut off the international sources of financing that terrorist cells in the US depend upon to conduct their operations locally. Nine of the hijackers responsible for September 11th funneled money from Europe and the Middle East to SunTrust bank accounts in Florida.

What is the relationship between TFTP and B2B e-Commerce?

For almost nine years, the TFTP program has been leveraging data about international finance transactions that is transmitted over the SWIFT network.
SWIFT is a specialized business process network which connects all the major financial institutions around the globe for the purpose of exchanging information related to payments, securities, foreign exchange and letters of credit transactions. SWIFT is not a bank and does not process payments, exchange currencies or facilitate securities trades. Instead, SWIFT is an information network that allows its customers, primarily financial institutions, to send instructions about which payments to execute, how to settle securities trades, and cash positions in bank accounts. SWIFT does not refer to itself as a B2B e-Commerce network. However, I classify them as one due to the fact that their primary business is the exchange of standards-based messages and structured files between different institutions.

SWIFT is the biggest financial network on the planet with connections to over 9000 financial institutions in over 200 countries. With every major financial institution on the planet connected to it, SWIFT routes in excess of $6 trillion daily between institutions. Although SWIFT supports a wide variety of transaction types, the network’s strong suit has always been activities related to cross-border, high-value payments. Consequently, SWIFT possesses a rich source of international financial transaction data that would be of great interest to US government agencies seeking to track terrorist money flows.

And that is exactly the nature of the relationship that has existed between the US TFTP and SWIFT since a few weeks after the September 11th attacks. The US government claims that by mining data from SWIFT transactions it has been able to identify thousands of terrorist-related funding activities, including several high-profile arrests. Of particular interest to the US are transactions originating in the United Arab Emirates or Saudi Arabia destined for the accounts of US businesses and individuals with known terrorist affiliations.
For example, SWIFT data provided a link that helped to locate Riduan Isamuddin in Thailand in 2003; he is believed to be responsible for a 2002 bombing of a Bali resort.

More in a future post…

B2B Integration could help improve tracking of Pandemics such as H1N1 Swine Flu

I was watching the movie I am Legend on HBO Sunday evening. I’m not sure if there is any correlation between HBO’s decision to broadcast the film in May and the outbreak of the H1N1 Swine Flu. However, it did start me thinking about pandemics and what could be done to better contain these outbreaks before they turn all of Manhattan into nocturnal, cannibalistic zombies. The widespread outbreaks of H1N1 in Mexico and the US have made this subject top of mind for everyone from politicians to economists. Of course, pandemics are yet another area in which B2B interoperability and integration technologies could play a significant role.

The Center for Information Technology Leadership published a comprehensive report on how B2B interoperability in the US health care community could not only reduce costs but improve the quality of care. Much of the data cited in this post is sourced from the 2004 report entitled The Value of Healthcare Information Exchange and Interoperability. See my January post on how the Obama administration could save $75B annually from B2B interoperability in health care for more background information.

Tracking Pandemics at the State, Local and Federal Level

State laws require providers and laboratories to report cases of certain diseases to local and state public health departments. Nationally “notifiable” diseases are forwarded by the state agencies on to the Centers for Disease Control and Prevention (CDC). Connections between the states and the CDC are electronic and highly automated. However, the first mile between the providers and the local and state agencies is highly manual. Providers typically submit data via phone, fax, hard copy forms or very basic B2B communications methods such as a web portal. For larger provider groups operating in multiple regions, notifications to state health agencies become even more cumbersome.
The 50 US states maintain more than 100 different systems to collect data, each with its own communications mode.

The most closely monitored “notifiable” diseases are frequently under-reported in the US. Various studies conducted between 1970 and 1999 showed that only 79% of all STD, tuberculosis and AIDS cases were reported to public health agencies. Reporting rates for other diseases were much lower at 49%. There are several reasons for the reporting challenges. But certainly one of the key issues is the ease with which the information can be transmitted to health authorities. There is no question that the primitive communications methods used to collect provider data are a critical barrier to success. However, even more problematic is the dependency upon overworked and understaffed provider personnel to take the time to consistently file the reports.

Electronic Health Records – Public Health Benefits

A better methodology for reporting on “notifiable” diseases would be to eliminate the need for human initiation altogether. The process could be completely automated by connecting health care providers’ Health Information Systems and Practice Management Systems, which contain the patient data, to Public Health and Safety tracking systems. However, connecting the tens of thousands of medical practices to the hundreds of different public health systems could prove quite an ambitious integration project. A less complex and costly alternative would leverage the concept of Electronic Health Records (EHR). The EHR would significantly simplify tracking of public health epidemics without the need for bespoke integration between various state agencies and each different medical provider.

The EHR provides a comprehensive set of information about each patient including demographics, medications, immunizations, allergies, physician notes, laboratory data, radiology reports and past medical history.
EHR information could be stored in a series of centralized repositories deployed around the country. Each repository could contain the full medical records or just pointers to the locations of the records. Triggers could be set up to automatically identify trends in data sets that might not be otherwise noticed, helping to provide an early warning system for potential disease outbreaks. In the event of a pandemic or bioterrorist event, public health officials could easily access de-identified EHR data such as physicians’ notes, patient demographics and medical history. Without the dependency upon manual data entry, the latency of information flow could be reduced and the quality of information collected could be improved. Administrative costs would be reduced considerably. The average cost to send a report manually is $14, as compared to only $0.03 electronically. CITL estimated that the use of electronic data flow from providers and laboratories to public health agencies would reduce administrative costs by $195M annually. CITL did not quantify the potential economic savings from early identification of pandemics and bioterrorist events, but there is no question that these could be in the billions of dollars.

B2B Interoperability and EHR

Of course, a key technology enabler for EHR is interoperability between the various health care providers and the corresponding state, local and federal agencies. Medical data is transmitted between providers, payers and public agencies using a variety of B2B standards including DICOM, HL7, NCPDP, and HIPAA-compliant EDI transactions. EHRs could aggregate the available data related to prescriptions, claims, lab reports and radiology images into an electronic record. Additional services could be layered onto the B2B integration framework, such as data quality to ensure the completeness of records and business activity monitoring to identify behavioral trends.
Another concept evangelized in the CITL report is the idea of a National Electronic Disease Surveillance System (NEDSS). The NEDSS would collect data from a number of relevant sources outside of the health care system which could be useful for monitoring. Examples might include 911 call analysis, veterinary clinic activity, OTC pharmacy sales, school absenteeism, health web-site traffic, and retail sales of facial tissue and orange juice. Such practices have been deployed by the US Department of Defense and the Utah Department of Health during the Salt Lake City Olympics in 2002. Such an effort would require integrating additional state and local agencies, educational institutions and retail chains electronically using B2B.

BIAN, TWIST, SWIFT: Why Standards Matter

There was a great presentation that has circled the web for the past few years called ShiftHappens, which focused on “the speed of change”. It made some great observations about population, technology and societal changes that have happened in a really short span of time. In fact, when you focus only on technology the speed of change is staggering. Someone once told me that “technology is anything that has been created since I was born.” And to prove that point, every Fall someone sends me an email with all the things that the newest class of college undergrads have never lived without, like Wi-Fi, GPS or iPods. Needless to say, every Fall I get a little depressed…but only a little…because hey, at least I don’t have millions of dollars invested in technology that is obsolete or soon to be obsolete.

But many bankers have not been so lucky. Today, many banks’ investments in technology are so far behind the needs of the marketplace for security, transparency and flexibility that they might not be able to afford to recover or compete. One of the reasons for the existence of standards organizations is to help mitigate the risks associated with the speed of change. Not only the speed of change in regulations and processes but also in technology. And many standards organizations are working to help banks keep pace with the speed of change while also helping them to keep an eye on the investments they have made, are making and will make, so that at the end of the day, millions aren’t spent on technology that will be obsolete before the next annual report.

Articles abound about the banking industry’s focus on replacing outdated and expensive legacy core systems in the quest to add new capabilities, ones that can address issues around risk, regulation and customer retention. But not surprisingly, the focus on economic stability has put replacement plans on hold for many, although these issues really can’t wait for better days in order to be fixed.
Which is one reason we should all be glad that the alphabet soup of standards organizations is still moving forward with strategies, road-maps and updates that may help to make life a little less complicated when credit starts flowing again.

For example, the Banking Industry Architecture Network (BIAN) announced a change to their mission statement and also that they will publish their first set of deliverables. BIAN’s goal is to be the standard for service-oriented architecture (SOA) in the banking space, which should equate to a clearer understanding of the technology needs required for growth. The operative word of course is “should”, because while BIAN is focused on architecture, it is not the only standards organization that is contributing to the technology conversation, and others may have a completely different take on the direction that technology needs to take to prepare for change. Particularly when you consider that many standards organizations are made up almost exclusively of a single group of players from a given business segment with a singular focus on their specific area of interest. This laser focus often leads to a less than ideal adoption rate because the standard does not have a holistic value proposition that resonates across the organization.

Which is one reason that groups with more diverse memberships like the Transaction Workflow Innovation Standards Team (TWIST), which helps corporates with standardizing platforms, matching & netting services as well as settlement and clearing services to integrate their relevant systems (i.e. ERP, payment and reporting systems), are equally important to the “speed of change” conversation. Since TWIST is comprised of members from the corporate sector as well as the banking and technology vendor segments, they approach the concept of change differently than a group like the Society for Worldwide Interbank Financial Telecommunication (SWIFT), which until fairly recently was comprised solely of bankers.
TWIST, with its focus on the automation of corporate financial supply chains, looks at technology needs from a perspective of gaining interoperability by building on existing technology investments. By utilizing a modular approach to the adoption of its standards, TWIST lets adopters use its recommendations on good practice work-flows, message standards and data security how they want and when they wish. This modular approach to implementation is in some ways very similar to our Managed Services approach to B2B integration.

How so? I knew you were going to ask. Well, I won’t do a sales pitch, because how much fun is that for anyone, but I will highlight a few bullets based on TWIST’s game-plan to show similarities/overlap/complementary tactics, etc. and you can decide for yourself.

“The TWIST standards aim to enable straight through processing (STP) from end-to-end of the three processes, irrespective of the way the processes are transacted, the service providers that are involved and the system infrastructure that is used. By standardizing:
- Information flows
- Business process
- Electronic communications (whether direct or indirect between market participants and service providers)
- Platforms, matching & netting services as well as settlement and clearing services, and the methods of integrating the relevant systems”

Our Managed Services aims to help businesses and banks to connect with any corporate client or trading partner, regardless of location, size or B2B technical capabilities by supporting:
- Information flows – Optimizing the flow and quality of technical data and information
- Business process – Performing all of the day-to-day management of a customer’s B2B infrastructure including systems-health monitoring, data backup, network and database management
- Electronic communication – Providing a broad range of trading partner connectivity options including FTP, FTP/S, MQ Series, AS2, HTTP/S, XML etc.
- Integrating relevant systems – Delivering a team of experts who are proficient in SAP and Oracle B2B integration and have a deep knowledge of industry standards

Okay, hopefully you don’t feel as if you’ve navigated a sales pitch, but as I said there are similarities in the approaches, largely because both TWIST and OpenText are working to create a “win/win” environment: an environment that operates to meet the current and future needs of its customers and members. The promise of standards is similar to the promise inherent in a compelling managed services offering: to simplify the complex, create a repeatable methodology that can serve the current and future needs of the organization, and help contain costs by leveraging existing or past technology investments.

Bisync 2020 – The Case for FCC Regulation of B2B Communications

In my last post, I commented on the continued use of legacy communications protocols such as async, bisync and X.25 for B2B e-commerce. I have never seen an official report on the use of legacy communications in B2B integration. However, I am confident that over 10,000 companies are still using legacy dial-up connections. In this post, I want to continue the discussion by exploring the implications of the business community’s continued use of these ancient technologies. I also want to explore the roles of commercial entities and government regulators in phasing out these legacy communications protocols.

Who and Why?

The primary users of async, bisync and X.25 are small businesses that established EDI programs over a decade ago and see no benefit in upgrading to newer technology. These companies are still running EDI software on a Windows 95-based PC and a dial-up connection to their VAN provider. Many of these companies running the older technology do not even know what async or bisync is. They just know that the PC sitting in the corner automatically phones home every night and magically retrieves all of their purchase orders.

Why don’t these customers upgrade to newer technology? Most small businesses lack the resources, budget and technology expertise to upgrade to a newer B2B communications protocol such as AS2 or FTP. Furthermore, most are reluctant to make changes to their EDI configuration for fear of disrupting electronic commerce with customers. Would you want to be the EDI manager who was responsible for losing a $2M order from Wal-Mart during a cutover from bisync to AS2?

Challenges of Legacy Communications in B2B

Does it matter that so many businesses are still using legacy communications technology for B2B? That is a subject of significant debate.
But I have listed below a few disadvantages of such pervasive use of the older technologies:
- Business Disruption – In the early days of EDI, communications functionality was bundled into desktop software packages. Many of the developers of these early EDI translator packages no longer offer support for the older software. Consequently, if the older software breaks then there is a significant risk that users will not be able to quickly remedy the problem. The result could be a disruption to order flow with trading partners, which could have a ripple effect across the value chain.
- Limited Functionality – Users of legacy communications technology are only able to conduct the types of B2B transactions supported by the original EDI software package. In most cases, the older software does not support the newer XML schemas introduced in recent years to support automating a wider range of business processes. Consequently, the ability to develop more collaborative business processes between buyers and suppliers is constrained by legacy technology.
- Outdated Information – Users of legacy communications tend to operate in an off-line batch mode. EDI documents are exchanged with the VAN once a day or sometimes once a week. Consequently, these companies receive updates to orders, forecasts, shipments and bank balances only once a day or once a week. The overall supply chain becomes less agile when companies cannot exchange order, logistics, inventory and payment data in near-real time to respond to changing market conditions.

Why consider a Regulatory Approach?

There have been several attempts by industry to force technology upgrades, each of which has failed:
- Lower Cost Substitutes – The advent of the Internet in the late 1990s introduced a number of substitute technologies that small businesses could use for EDI such as AS2, FTP and Web Forms. Despite aggressive sales efforts by vendors, there remains a significant population of small businesses unwilling to upgrade their B2B technology.
- Product End of Life – Commercial service providers such as the major telecommunications carriers have discontinued support for legacy protocols such as X.25, async and bisync. However, carrier efforts have been handicapped by their large customers, which have trading partners still using the legacy protocols. These corporations are major buyers of telecom services that use their purchasing power to negotiate extensions to the end-of-life of the legacy B2B protocols.
- Pricing Deterrents – A number of VAN providers have attempted to raise the prices of async and bisync dial-up services in an attempt to encourage customers to transition to more modern communications protocols. The new pricing models of VAN providers were met with considerable outrage from the end-user community. Ultimately, the service providers were forced to abandon the pricing policies and extend indefinite support periods for the older communications.

With vendor-led efforts to drive technology upgrades failing, it seems that the only remaining alternative might be public policy. Or we could accept the fact that bisync will be alive and well in 2015, 2020 or maybe even 2050. Should the FCC impose an end-of-life date for legacy B2B communications protocols? Should there be government subsidies to enable upgrades to AS2 and FTP? Post your thoughts and let me know what you think.
