Welcome to the March 2007 issue of the IT Newsletter.
Articles
- Website Design Bloopers
- Smart Cards: How smart are they?
- E (Everywhere) Commerce with Mobile Payments
- Technology Update at your desk
- Further Reading and References
1. WEBSITE DESIGN BLOOPERS
Many people think designing a website is easy, yet there are many websites that are difficult to use and to navigate around. The problem is often in the methods that people use to get user input. Alinta Thornton describes seven common approaches that lead to usability problems and describes simple design rules that will help overcome these problems.
Blooper 1: "We'll just build a good site…" (without users)
Many people think good design is just a matter of carefully building a structure that makes sense to them, getting a good graphic designer to create a beautiful interface, and writing snappy content.
"After all", they reason, "we're good at what we do. We win awards".
"No need to involve users; that takes far too much time and effort. We'll just build something that works, right?"
"Anyway, what if we find out users don't like some of it? Does that mean we're not good designers?"
Involving users to find out their needs is good design. No matter how good a designer you are, you're going to produce something better if you fully understand what users want and, more importantly, what they need.
You'll get the credit if the site does what it's supposed to do.
Rule 1: "Don't design in a vacuum".
Blooper 2: "We know what our users think"
Many companies think they know their users very well. "We deal with them every day; we have a lot of information about them from market research and sales figures and call centre records."
We've found many times that beliefs companies hold about their own customers are at odds with how the customers really think and behave. The problem is that you aren't your user. Your skills, knowledge and reactions are very likely to be different from theirs. However hard you try to imagine you're the user, you can't be them.
After all, they do different jobs, probably don't work at your company, come from different backgrounds, are different ages, aren't steeped in the company's terminology, and probably aren't web site experts.
Even if you know them very well and deal with them daily, and even if you use the same site you're designing or upgrading, you still aren't a user.
Why is this a problem?
Things that seem natural and normal to you may not seem so to customers. For example, it might seem obvious to an aluminium production company which of its products are made in the Extrusion Division and which are made in the Foil Division. Customers, however, may not be at all sure.
In this case, having two buttons on their site labelled "Extrusion" and "Foil" is likely to be a poor choice, even though it may please the managers of each of these divisions.
Rule 2: Don't work without involving real users
Blooper 3: "We know what users think - we surveyed them"
Another way to approach the problem is to create an initial design, show it to users, and then ask them to complete a questionnaire.
Unfortunately, even the best questionnaire will rarely get accurate results. Usually people will rate the system much higher than it ought to be rated. We often see people struggle with a site, unable to do any of the tasks they wanted to perform, and then rate it 4 out of 5 on every aspect.
Why surveys are inaccurate
People don't accurately reflect all their difficulties in surveys for a number of reasons. For example, they:
- don't want to upset the person who's reading the result
- are unwilling to commit criticism to paper
- are unwilling to criticise more than one thing, because they don't want to be mean
- are influenced by the site's appearance. If they like the way it looks, they will often rate it highly even when they can't do anything
- tend to believe their problems using the site were their own fault for not using the site properly or not being skilled enough.
Cost to the business
Placing too much store in survey results can be risky. If, for example, a shopping site's customers can't locate items in a catalogue, or a banking site's customers can't work out how to apply for a mortgage, they will take their business to a competitor.
Rule 3: Don't rely solely on questionnaire results for your user data
Blooper 4: Ask internal staff instead of end users
Another approach is to develop a design and show it to people inside the company. After all, they aren't close to the design the way you are; won't their opinions be useful? Their opinions are useful to you - as stakeholders at your company, but not as your users. They are too steeped in the company's structure, organisation, naming conventions and attitudes.
Staff members don't have the same point of view as customers. Unless you're building a product your company's staff will use, such as an internal software system or intranet, staff opinions are interesting but they are not going to help you much. They know why customer service takes three days to answer a query, whereas a customer doesn't care. Customers just want an answer, now.
Your friends and family don't usually fall into the category of your users either. (Unless your site is for, say, librarians and your friend happens to be a librarian).
Rule 4: Staff, family and friends are not normally your users.
Blooper 5: Justify or defend the design when you're testing it
Some design teams will gather together a focus group before the project starts. This can be very helpful, if you're asking about things like what they'd expect from such a site, what they'd want to find there, what they'd want to be able to do, etc.
If, on the other hand, you're showing users a finished design and asking for opinions, it's unlikely to pull out anything useful.
When the design is finished, you may be somewhat defensive. If a user says, for example, "I don't like the way the navigation works", you may find yourself jumping to explain why it's like that - it's only natural. Unfortunately, you'd miss out on the useful feedback, and the user gets the message not to criticise.
If you use a collaborative design method, though, this can work well. It's all in the way you approach it.
Rule 5: Don't justify or explain faults: let the design stand or fall on its merits
Blooper 6: "It's a training issue"
Where training is used as an alternative to user-centred design, it tends to happen on internal applications, such as intranets or software systems or web sites for use by clients and staff.
The system will be difficult to use, but staff are captive, so the development team can say to themselves, "it's hard to use because it's new; we can train everyone to use this and it will be fine". That's true; people can be trained to use anything. You've probably done so yourself.
Cost to the business
But what's the cost of this training - an ongoing cost - as opposed to the cost of getting it right upfront? You can calculate the cost like this:
(No. staff turnover/year x hours required to learn the system x median hourly income) + (x hours training x median income trainers) + (cost of training materials and equipment) = total training cost.
Using a sample company, Acme Pty Ltd, here's a worked example:
- 120 staff x 35 hours' formal training x $62/hr = $260,400
- 45 hours trainer's time (including preparation) x $76/hr x 40 groups = $136,800
- $15 per handout x 120 staff = $1800
- 10 hours informal training x 120 staff x $62/hr = $74,400
- 10 hours informal training x 120 staff x $76/hr = $91,200
- Total training costs = $564,600
If Acme can reduce training requirements by even 25%, this represents a saving of $141,150 per year. Over the life of the site this could really add up.
A well designed, usable system could reduce training time by considerably more than 25%.
Rule 6: Don't use training to substitute for good design
Blooper 7: Doing only acceptance testing or prototype testing
Sometimes a web site team will do user acceptance testing, or even usability testing once a prototype is built. This in itself can be useful.
But what often happens is that serious design problems will be uncovered at this point. After you've done the design, graphics work, coding and structural work, it can be expensive and time consuming to fix the design at this point in the development process.
By now you're near the launch deadline. Realistically, you only have a few options:
- Most teams will fix whatever is easy to fix and launch the site, complete with problems
Launching a site with usability problems can mean you lose customers, since research shows if people have a bad experience on your site they won't return. You just lose the business.
- Delay the launch to fix the worst problems
Fixing serious problems late in the development cycle usually means you'll miss the production deadline. Since the deadline often relates to meeting current market needs and beating competitors into the market, this can be serious.
Data from House and Price (1991) shows that companies generally:
- lose 33% of after-tax profit when they ship products six months late, compared with 3.5% loss when they exceed product development budgets by 50%.
- Add resources to help you fix them.
So it's better to spend a little more on hiring a specialist user interface designer (either in-house or consultant) to get the design right up front.
Cost to the business
The rule of thumb is that it costs:
- $1 to fix usability problems during the initial design phase
- $10 to fix once the code has been written
- $100 to fix after it's been released.

Rule 7: Prototype/acceptance testing uncovers problems too late in the development cycle
Alinta Thornton is a Senior Consultant with The Hiser Group. The Hiser Group specialises in user interface design. For more information about the Hiser Group send an email to info@hiser.com.au or visit their website at www.hiser.com.au
2. SMART CARDS: HOW SMART ARE THEY?
Do we need smartcards? Do you feel safe on the Internet? Are you worried about privacy? Stephen Wilson takes a look at the debate on whether we should adopt smart cards and explores some of the myths and folklore surrounding the technology.
Smartcards are hot items in IT security and anti-fraud strategic planning. The mainstream press is debating privacy, security and public policy issues around the Commonwealth's proposed human services Access Card. And most banks are weighing up the return-on-investment in smartcard credit cards. These are mature technologies now, with perhaps 100 million multi-programmable smartcards issued in health and identity schemes globally, and nearly half a billion in financial services. Yet privacy and security anxieties remain, and the cost-benefit picture is still controversial and uncertain in the Australian banking sector. Why should this be the case when the rest of the world is moving to smartcards? One reason seems to be that the full spectrum of smartcard features and benefits is underappreciated; another is that smartcard investment and finance decisions are too often made in silos, by cards product groups for example, oblivious to the all-of-business upside. This article provides a non-technical overview of the full gamut of smartcard capabilities, and illustrates where business benefits can be enjoyed across many parts of the business.
For most people, smartcards have long been associated with "multi-function" uses like stored value (or "e-purse"), ticketing and tolling, portable health records, and loyalty. The real point of the technology tends to get lost in the hype. Multi-functionality might be a great value-add, but on its own it rarely makes for a compelling business case.
The core benefits of smartcards
First and foremost, for all practical purposes it is not possible to copy or counterfeit a well designed smartcard. Conventional plastic cards store everything in a passive magnetic stripe, so anyone with a reader can skim and copy the data to counterfeit cards. Smartcards on the other hand can be configured to only divulge their data to qualified and authenticated terminal equipment. Smartcards furthermore carry buried cryptographic codes, burned into the silicon chip during manufacture. Even if an attacker obtains a smartcard plus its PIN, they still will not be able to clone the card. To be sure, there is no such thing as perfect security, and no smartcard advocate would seriously claim this technology will never be cracked. But the smartcard's sophisticated tamper resistance is based on a modern technology platform that is extensible, can keep ahead of the cyber-crime arms race, and can be accredited at different price points against an array of international security standards.
Smartcards are smart. The built-in intelligence of the chip means they can tell what's going on around them, a unique capacity which can be applied in many ways. For instance, a smartcard can tell what sort of reader it is attached to, and even what type of software application is running on the backend, and can respond accordingly, refusing to communicate with unauthorised applications. Different areas of a smartcard's memory can be controlled by different PINs. Some data can be "free read" while other data is only readable (or writable) under PIN control. Security rules like daily transaction caps can be enforced offline, so fraud can be detected in environments where backend connections cannot be relied upon. Centralised data mining for fraud detection can be avoided.
Only smartcards provide for the "mutual authentication" that is now recognised as the key to safe online banking and Internet e-business in general, in the face of the spiralling risks of phishing, pharming and website spoofing. A little over a year ago, the US Financial Institutions Examination Council stated that "one reason phishing attacks are successful is that unsuspecting customers cannot determine they are being directed to spoofed Web sites...mutual authentication provides a defence against phishing and similar attacks". [1] Many banking associations and regulators have endorsed or even mandated two factor authentication as a response to end user identity theft, but two factor is not the same thing as mutual authentication. Most two factor authentication - including one time passwords, SMS messaging, matrix cards and biometrics - is vulnerable to Man-in-the-Middle attack and so does little to protect against phishing and web fraud; witness recent serious attacks on Citibank [2] in the US and Nordea [3] in Europe.
The head of cryptography at the National Institute of Standards and Technology - responsible for the USA's new federal government staff smartcard - says that in respect of Man-in-the-Middle attacks, "the only practical solution today uses PKI" in hard tokens like smartcards. [4]
Finally, modern smartcards act as "containers", able to carry multiple digital credentials for different schemes and applications. Embedded PKI digital certificates in particular can protect credentials against counterfeiting and cloning, because only authorised issuers can publish and load them, thus proving their "pedigree". Thus a smart driver licence can be loaded with certificates for secure e-business. Or a healthcare card can hold multiple identifiers for diverse, patient controlled records systems.
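A toy model of the card-side behaviour described above: card and terminal authenticate each other, some data is free-read while other data needs a PIN, and a daily cap is enforced offline. This is an added illustration, not code from the article or from any card scheme; `ToyCard`, `terminal_connect`, the shared-key HMAC handshake and all sample values are assumptions made for the sketch, and real cards use standardised protocols rather than this handshake.

```python
import hashlib
import hmac
import secrets


class CardError(Exception):
    """The card or terminal refused to proceed."""


def require(ok, why):
    if not ok:
        raise CardError(why)


def proof_mac(key, role, *nonces):
    # The role label stops a card proof being replayed as a terminal proof.
    return hmac.new(key, role + b"".join(nonces), hashlib.sha256).digest()


class ToyCard:
    def __init__(self, key, pin, daily_cap_cents):
        self._key = key                  # secret that stays inside the chip
        self._pin = pin
        self._cap = daily_cap_cents
        self._spent = {}                 # day -> cents already spent
        self._free = {"label": "constructed demo card"}
        self._protected = {"account": "constructed-0001"}
        self._pending = None             # nonces of the handshake in progress
        self._terminal_ok = self._pin_ok = False

    def begin(self, terminal_nonce):
        # Prove the card is genuine and challenge the terminal in return.
        self._terminal_ok = self._pin_ok = False
        card_nonce = secrets.token_bytes(16)
        self._pending = (terminal_nonce, card_nonce)
        return card_nonce, proof_mac(self._key, b"card", terminal_nonce, card_nonce)

    def finish(self, terminal_proof):
        # Accept the terminal only if it answers this card's fresh challenge.
        require(self._pending is not None, "no handshake in progress")
        terminal_nonce, card_nonce = self._pending
        self._pending = None             # each challenge is single use
        expected = proof_mac(self._key, b"terminal", card_nonce, terminal_nonce)
        require(hmac.compare_digest(expected, terminal_proof), "terminal not authenticated")
        self._terminal_ok = True

    def verify_pin(self, pin):
        require(self._terminal_ok, "terminal not authenticated")
        self._pin_ok = hmac.compare_digest(pin.encode(), self._pin.encode())
        return self._pin_ok

    def read(self, name):
        if name in self._free:           # "free read" area
            return self._free[name]
        require(self._terminal_ok and self._pin_ok, "authenticated terminal and PIN required")
        return self._protected[name]

    def debit(self, cents, day):
        require(self._terminal_ok and self._pin_ok, "authenticated terminal and PIN required")
        spent = self._spent.get(day, 0)
        require(cents > 0, "invalid amount")
        require(spent + cents <= self._cap, "daily cap exceeded")  # checked offline
        self._spent[day] = spent + cents
        return self._cap - self._spent[day]   # cents still available today


def terminal_connect(key, card):
    # Terminal side of the handshake: verify the card first, then prove itself.
    nonce = secrets.token_bytes(16)
    card_nonce, card_proof = card.begin(nonce)
    expected = proof_mac(key, b"card", nonce, card_nonce)
    require(hmac.compare_digest(expected, card_proof), "card not authenticated")
    card.finish(proof_mac(key, b"terminal", card_nonce, nonce))


def refused(action):
    try:
        action()
    except CardError as exc:
        return str(exc)
    return None


def run_demo():
    key = secrets.token_bytes(32)        # constructed scheme key
    card = ToyCard(key, pin="4821", daily_cap_cents=20000)
    out = {"free_read": card.read("label")}
    out["read_before_auth"] = refused(lambda: card.read("account"))
    card.begin(secrets.token_bytes(16))  # a terminal without the key must guess
    out["forged_terminal"] = refused(lambda: card.finish(bytes(32)))
    fake = ToyCard(secrets.token_bytes(32), pin="0000", daily_cap_cents=1)
    out["fake_card"] = refused(lambda: terminal_connect(key, fake))
    terminal_connect(key, card)
    card.verify_pin("4821")
    out["account"] = card.read("account")
    out["left_after_150"] = card.debit(15000, "2007-03-01")
    out["over_cap"] = refused(lambda: card.debit(6000, "2007-03-01"))
    out["next_day"] = card.debit(6000, "2007-03-02")
    return out
```

Both sides check a proof over fresh nonces before anything else happens, which is the property a one-way code typed into a web page does not give the customer.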
Smartcards and public policy
Smartcards certainly continue to inspire fear. A Sydney Morning Herald editorial in early 2006 was blithely unaware of even the possibility that smartcards could enhance privacy, when it said: "Technological change means such a card would now pose far greater challenges to liberty and privacy than the Australia Card suggested by the Hawke government in the mid-80s". In fact, properly applied, smartcards could bring the most significant improvements to online privacy we have ever seen, by tackling phishing, pharming and spam.
Unfortunately there is also an almost universal de facto viewpoint that privacy can be traded off in the interests of security. Politicians and even technologists have got into the habit of conceding (even promoting) that some privacy should be given up in the name of better security. One senior minister has been quoted in the context of the new human services Access Card as saying "people were now more tolerant of intrusions into their privacy because of security threats".
Yet the truth is that smartcards can dramatically enhance security and privacy at the same time. It isn't just that smartcards resist card fraud by skimming; they can also return far greater degrees of control to consumers, reversing the trend for their personal information to be centralised and copied across countless unseen backend systems. [5]
So smartcards should lead to modern and more optimistic technological responses to the challenges of security and privacy.
A fresh perspective on security and privacy
First of all, we should not even think about having a debate about privacy! Privacy should not be readily negotiable. Let us not simply give it up for fear of security being more important. The public have a right to enjoy privacy and security at the same time.
Secondly, consumers should have enhanced abilities to deal anonymously. National Privacy Principle No.8 has in fact long required the option of anonymity, but most businesses have come to view it as impractical. Moreover, for banks the strenuous new reporting mandates of Anti-Money Laundering legislation and the Basel II capital adequacy regime appear to cancel out any possibility of anonymity or pseudonymity. However, new technologies like zero knowledge methods and smartcards shed fresh light on these challenges. Surely competitive advantages await for those institutions that safeguard the identity of their customers from prying eyes while being able to meet their compliance obligations.
Thirdly, we should all do more to resist the ever increasing centralisation and aggregation of personal data. One of the more obvious and worrying outcomes of data centralisation has been the sale of massed personal information to criminals by corrupt call centre workers. Theft or accidental leakage of personal information from government agencies, financial institutions and data processing bureaus is regularly reported nowadays. So why have we allowed huge stockpiles of our personal details to be amassed by third parties? As identity crime soars, large stores of personal information are increasingly valuable to sophisticated and highly organised attackers. E-commerce providers struggle to manage their legal liabilities to lock down these repositories without expending huge funds and resources on security.
And finally, the community deserves real safety when accessing the Internet. The Commonwealth government for instance has the laudable goal of moving more and more of its services and transaction traffic online. Human Services agencies in particular send out hundreds of thousands of pieces of mail every day, and they envisage moving as much correspondence as possible to e-mail.
But the paradox of course is that at the same time, banks and other institutions, gripped by phishing, are busily telling consumers to distrust e-mail! So if it expects citizens to use e-mail, government must surely take active steps to guarantee the safety of the channel in regards to phishing, pharming, spam and website spoofing. There is huge potential for the government's new Access Card and for banks' imminent smart credit cards to be applied in the war on phishing and spam.
Australians have long proved to be early and enthusiastic adopters of new technologies, so long as the value proposition is clear and true. The experience of smartcards here could be hugely positive if the full spread of capabilities was communicated and delivered to consumers.
[1] See Authentication in an Internet Banking Environment at www.ffiec.gov/press
[2] See blog.washingtonpost.com
[3] See www.f-secure.com
[4] See www.asia-pkiforum.org
[5] See Smartcards and doctor shopping and Smartcards and healthcare provider fraud at www.lockstep.com.au
Stephen Wilson is a leading international authority on identity management and information security. He has helped establish several new identity and security consulting businesses, including new services at KPMG and PricewaterhouseCoopers. In early 2004 Stephen established the Lockstep Group to provide independent security advice, and to develop new smartcard technologies for identity theft and privacy. See www.lockstep.com.au.
3. E (EVERYWHERE) COMMERCE WITH MOBILE PAYMENTS
A new generation of Mobile payment systems can mean changes for a business. These solutions can bring cashflow forward, reduce bad debts and give business owners a real insight into their business performance. Rob Manson explores how these Mobile Payments solutions work and the benefits that they can offer to business.
How do these new Mobile Payment solutions work?
You've probably been hearing a load of new buzz words lately such as Web 2.0, AJAX and Mobility Solutions. A lot of this is the normal hype that surrounds new technologies.
This new generation of Mobile Payment solutions are very different from the clunky and expensive old Mobile EFTPOS terminals that taxi drivers and pizza delivery people have been using for the last few years.
These new solutions are similar to the current e-commerce payment gateways people have been integrating into websites over the last decade. But instead of targeting the cardholder, they are aimed directly at your staff. In this way they have more in common with the virtual EFTPOS terminals that many acquiring banks provide.
The key benefit is that you and your team (or your clients and their teams) can now process credit card payments in real-time, anywhere, anytime. Just enter the customer and payment details into your phone and get paid on the spot.
Are these Mobile Payment solutions secure?
Like any new technology you need to be careful that the solution you choose is stable, usable and secure. Below is a list of some of the issues to look out for.
Some Mobile Payment solutions use WAP which, apart from being difficult to use, can have many security issues. Your Telco may be able to access the payment details and some details are even stored on the phone itself. I would be very careful about using a WAP based solution and suggest that you clearly establish that this solution has been certified by your acquiring bank.
Some solutions just ask you to submit the payment details via SMS. This is highly insecure and may even be a breach of your merchant agreement. I would strongly recommend avoiding these solutions altogether.
Some solutions ask you to call an IVR system and use your phone's key pad to enter your merchant id, PIN, card number, expiry details and amount. These solutions are vulnerable to call interception and possibly even local recording of the key pad tones. They are also slow and difficult to use requiring you to re-enter your merchant ID and PIN every time you process a sale. And most users can only enter numbers via their key pad - preventing or limiting your ability to gather useful cardholder and customer details.
Some solutions use a separate card swiper and printer that connect to your Mobile using Bluetooth. Bluetooth is a wireless technology designed to connect devices over short distances (1-10m) to form a Personal Area Network (PAN). While Bluetooth can be secure when configured correctly it has a history of security breaches and high profile hacking.
One famous example was Paris Hilton having her messages and address book stolen from her Mobile via Bluetooth without her even knowing.
I would be very careful about using solutions that require Bluetooth.
So what is secure?
A secure solution stores no information on your Mobile at all. It uses at least 128-bit SSL (preferably 256-bit or greater) throughout the whole network connection. It uses strong authentication/authorisation and stores no critical card details on the Payment server at all.
Secure Mobile Payment solutions have been tested and certified by an acquiring bank.
How does a Mobile Payment solution really help a business?
This largely depends upon the culture and nature of the business, but the list of common benefits is already substantial.
- Get paid on the spot - anywhere, anytime
If you and your team (or your clients and their teams) are spending time writing up invoices and then following up for payment 30, 60 and 90 days later then a Mobile Payment solution can help you. As soon as you've finished your sale you can process the credit card transaction on the spot. You get an approved or declined result immediately allowing you to bring your cashflow forward and virtually eliminate bad debt.
And a good Mobile Payment solution will automatically send an SMS notification and an Email receipt to the cardholder saving you and your staff even more time, duplicated data entry and the effort of manual reconciliation.
- Link payments to specific customers
The existing Mobile EFTPOS terminals and many of the poorer Mobile Payment solutions simply collect the minimum card details required to authorise a payment. A good Mobile Payment solution will also link these payment details to a specific customer. This information can be used by your Accounting and CRM software to deliver real business intelligence and remove the need for expensive and time consuming reconciliation and data matching.
- Securely view and track your team's sales in real-time
A good Mobile Payment solution will also allow you to securely view and track your processed payments online in real-time. This may be via your Mobile (in the field or even out on your boat) or via a Web Browser on your PC (in the office or virtually any hotel or cafe in the world).
Apart from giving you the pure excitement of watching your sales pouring in in real-time, you can also use this to spot new sales opportunities or to identify exactly how your team members are performing.
- Download these records into Accounting and CRM systems
Accounting systems like MYOB or Quicken and CRM systems have quickly become the life blood of the modern business. A good Mobile Payment solution will make it easy to share information with systems like these.
- No more need for bulky Mobile EFTPOS devices or card swipers & printers
Existing Mobile EFTPOS devices are large, ugly and expensive. And some Mobile Payment solutions require extra accessories like card swipers or even printers. Printers are currently the number one IT support cost and these mobile printers often require special thermal paper and chargers. These accessories are also unlikely to survive a life of bouncing around in a ute or handbag.
In contrast, a good Mobile Payment solution will run on a standardised phone commonly available on $0 plans from any major Telco. And because no data or even the application itself should need to be stored on the phone, if you lose it you should be able to walk into any phone store and replace it easily, walking out the door ready to process payments immediately.
What about merchant fees and chargebacks?
Some Mobile Payment solutions are more like web-based e-commerce solutions that are vulnerable to high merchant fees and chargebacks. A good Mobile Payment solution should be certified by the acquiring bank and collect all the information you need to reduce or eliminate your chargeback risk.
What's next?
While the list of benefits above is already considerable, a good Mobile Payment solution can also easily be extended to integrate into any area of your business.
Consider… The Mobile can present your team with product catalogues and special offers that can be updated in real-time. Each sale can then also automatically place a courier order and send electronic or fax based orders to one or more fulfilment centres.
Essentially any set of tasks or workflows that follow on from collecting a prospect or making a sale can be automated where required. And this is really just the start. Over the next few years more sales people and even consumers will have phones that support these new services. This can create a whole new "in the field" sales force for your company or even totally reshape your whole distribution model itself.
This is an exciting new area that offers benefits to your business.
Rob Manson is Managing Director of www.MobileOnlineBusiness.com.au (MOB). MOB have used their SmartMOB Toolkit to create www.paymentz.com.au and they are a Certified St George Solution Partner. For more information about MOB and their new reseller business model, visit their website.
4. TECHNOLOGY UPDATE AT YOUR DESK
The Institute has long looked to offer its members new and exciting ways to access professional development and keep up-to-date with technology. Recently you will have received an email inviting you to participate in the "Microsoft Technology Update Web cast". Judith Merryweather shares some observations about the web cast.
Technology Trends
Ever heard IT people use terms and wonder what they are talking about? Ever been asked by your clients about Engin? Or Wi-Fi? Well Yvonne Adele, known to TV viewers as Ms Megabyte, kicked off the webcast by presenting several "jargon buster" segments. Each segment introduced simple descriptions and definitions of terminology that is increasingly heard in business corridors but which can seem confusing to business people, such as:
- Convergence
- Bluetooth
- VOIP
- Hand-held
- Tablet PCs
Even with an understanding of basic IT terminology, making that business decision about introducing the technology into your business is another matter. But not for Ms Megabyte who introduced simple checklists that may help. For example, what does a server do and how do you know if you need a server for your business? What are the benefits of Microsoft Small Business Server?
Microsoft Office 2007
Ms Megabyte described some of the benefits offered to businesses by the new Microsoft Office 2007 Suite including:
- Ability to save to PDF
- Improved PowerPoint templates
- Business Contact Manager Publisher
Then it was time for an in-depth look at the new Excel 2007. Can you imagine your client's delight in receiving professional charts showing their business performance analysed to highlight trends? Roger Pegler CA demonstrated the benefits of Excel 2007, including some of the more powerful features for presenting data more professionally:
- New formatting options
- Charting options
- Colour highlighting
- PDF save
Microsoft Windows Vista
Another segment of the webcast was given by Jeff Putt, Director of Windows Business Group at Microsoft Australia. Jeff provided an overview of Windows Vista and its enhanced graphical interface and improved integration. Imagine searching across your hard drive and/or the web with one click? Improved search functionality is provided by features including:
- Tags
- Integrated search
- Search from Start Menu
Jeff also demonstrated some of the improved tools for handling and overcoming data loss including searching for Backup and Restore and Shadow Copies enabling restoration of previous versions.
Member Offer
The final segment of the webcast introduced a special offer for members of the Institute. For details of the offer and benefits visit Benefits, click on the Microsoft logo, click on 'Business Technology Update', then select the link to 'View the webcast now'.
It's Never Too Late!
As you know, once a professional development activity has finished, you rarely get a second chance. If you are on holidays when an event is on or travelling to clients, the opportunity is gone. However, technology saves the day and shows it can be done. By recording a webcast, the session can be made available to you to view at your own leisure even weeks after the original event.
So those members who missed out on the original webcast have not missed out entirely. Visit Benefits, click on the Microsoft logo, click on 'Business Technology Update', then select the link to 'View the webcast now'. And of course the Special Member Benefits Offer is also available - just follow the information provided in the webcast.
Judith Merryweather is a Business Systems Consultant with Alexer Pty Ltd.
5. FURTHER READING AND REFERENCES
In this issue we have identified a number of issues and trends and provided some specific website references for our contributors. Below is a miscellaneous selection of websites and references that has been compiled to help interested readers undertake further research on these topics.
Mobile Commerce
Mobile payments are a new field with innovative solutions emerging almost daily. At Mobile Payments World (www.mobilepaymentsworld.com) those with a keen interest can read the latest news and receive the latest market analysis. While based in the UK, the site provides a global perspective on vendors, solutions, trends and new developments. Most content is for subscribers or for purchase.
An interesting overview of emerging uses of mobile phones for making payments is given in the Industry Briefing titled "Mobile Phones the New Way to Pay?" by Krista Becker, Emerging Payments Analyst, Federal Reserve Bank of Boston. The article, found at http://www.bos.frb.org, explores issues such as disparities in the technology, consumer acceptance, and the complexity of the supply chain.
With new payment methods emerging, there is a concern about the impact these will have on money laundering and terrorist financing. The OECD's Financial Action Task Force was asked to look at the new technologies, assess their vulnerabilities and provide recommendations. The results can be found in the "Report on New Payment Methods" at http://www.fatf-gafi.org
New mobile payment methods are launching in Australia as well. In "Mobile Merchants Dialling for Deals", Nick Miller describes the launch of a new Queensland-based mobile payment solution.
Managing Technology
"Don't separate your ERP implementation from your compliance program" (http://www.cioupdate.com/trends/article.php) explains that, no matter what size organisation you are in, it is important that compliance and controls are never far away. In ERP systems, implementing and optimising controls may not be simple, writes Kenneth Gabriel of KPMG LLP, yet it is important to achieving the full benefits of the system.
In July 2006, McAfee announced that it had officially released protection for the 200,000th threat in its database. With regular additions of new threats, McAfee expects the 300,000th threat to be identified by the end of 2007. In "McAfee's Top Ten Security Threats for 2007" (Article), Avert Labs describes the trend for more professionalism in malware writing as password-stealing websites, more spam, and infected video plague users and change the security game once again.
Smart Cards
To keep up to date with the implementation of the Access Card in Australia, visit the Office of Access Card site at (www.accesscard.gov.au). Information specific to the health and other industries is available as well as reports and plans for introducing the card.
Another Australian Government site worth a visit is the eGovernment Resources Centre from the Victorian Government. The section devoted to smartcards at www.egov.vic.au has a good library of news, articles, papers and submissions about smart cards.
The Smart Card Alliance (www.smartcardalliance), citing several Australian organisations as members, is a not-for-profit, multi-industry association focussing on education on the appropriate uses of technology for identification, payment and other applications. The Alliance advocates the use of smart card technology in a way that protects privacy and enhances data security and integrity.
Disclaimer
This is an initiative of, and has been prepared by the Business and Practice Support Team of the Institute of Chartered Accountants in Australia. While every effort has been made to ensure the accuracy of the information contained therein, neither the Institute nor its employees shall be liable on any grounds whatsoever in respect of decisions or actions taken as a result of using this publication. The information provided is a general guide only and should not be used, relied on or treated as a substitute for specific professional advice or referral to the relevant specific standard. Opinions of authors are their own and do not necessarily reflect policies of the Institute or the IT Special Interest Group.
The information in this email is confidential to the named addressee and subject to copyright. No one else may read, print, store, copy, forward or act in reliance on all or any of this email or its attachments. If you are not the intended recipient, any use, reliance upon, disclosure or copying of this email is prohibited and unlawful. If you have received this email in error please notify the sender. The Institute of Chartered Accountants in Australia (ABN 50 084 642 571) does not warrant that this email and any attachments are error or virus free and recommends that all attachments be checked for computer viruses.
The IT Newsletter is available by subscription for $66.00 annually (inclusive of GST).
For further information please contact:
Business and Practice Support Coordinator
business_practice@icaa.org.au