News update 2004-07: July 2004
===================
A monthly newsletter on risk management in financial services,
operational risk and user-developed software from Louise Pryor
(http://www.louisepryor.com).
Comments and feedback to news-admin@louisepryor.com. Please tell me if
you don’t want to be quoted.
Subscribe by sending an email to news-subscribe@louisepryor.com.
Unsubscribe by sending an email to news-unsubscribe@louisepryor.com.
Newsletter archived at http://www.louisepryor.com/newsArchive.do.
In this issue:
1. Upgrade has knock-on effects
2. Fraud prevention
3. Gene databases corrupted by Excel
4. FSA update
5. Other sources of information
6. Newsletter information
===============
1. Upgrade has knock-on effects
Citibank UK have been having problems with their current
accounts. Apparently there was a large systems upgrade which
caused a number of problems, resulting in an increase in the volume
of calls to their call centre, recently transferred to India from
Spain. The centre couldn’t handle all the calls without delays,
resulting in further complaints from customers.
Yet again we see one problem triggered by another. The call centre
probably would have been fine without the high volume of
calls. From the sound of it, the problems causing the calls were
pretty significant: direct debits changing their value to
&poound;999,999.99 (that would certainly send me into overdraft), debits
happening twice, and ten year old addresses being used.
I know how difficult it is to test every last detail, but you would
really think that they would have ironed out the major problems
before going ahead with the upgrade.
The situation probably wasn’t helped by the letter of apology that
was sent out to some of the customers who complained. It said that
it was only a very small group of customers who were significantly
affected. The implication is that the problem is less serious
because few people were affected. If I was one of those people,
this would not go down particularly well. The problems may not be
serious for the bank, but they are extremely serious for the
individual customers concerned.
http://dotkised.notlong.com
http://rewhaite.notlong.com
===============
2. Fraud prevention
Another bank, who shall remain nameless, appears to be doing little
to prevent fraud. About six weeks ago I received a call asking me
if I had recently used my Switch card at a petrol station in the
Isle of Dogs. I hadn’t, and answered accordingly. I was told that
there was a fraud operating and that I should go to my branch to
report it. I did that and they destroyed the Switch card and said
that they would issue a new one which duly arrived. There had been
about three fraudulent uses of the card, to a total value of about
£60. Apparently the fraudster had somehow got hold of my card
details; I couldn’t work out how, as it’s not a card very much. It
was annoying, but not serious, and I assumed that once the bank
credited my account for the fraudulent transactions the episode
would be over.
The other day I received my bank statement. It had the expected
credit, but also included three more purchase at the same petrol
station. These were all dated well after the original report of the
fraud. I haven’t actually used the new card that I was sent yet. So
I trotted off to the branch again to report the fraud. I was told
that the fraudsters were probably still using the old card number.
This appears to mean that stopping the old card made no difference
whatsoever. Surely a bank can spot a transaction that uses an
invalid card number? The only other explanation is that the new
card details were used, in which case the only possible source was
the bank itself. Either way, the bank isn’t doing much to prevent
fraud. The amounts involved aren’t large, but it doesn’t really
give me much confidence in the bank’s ability to get other things
right.
It’s a pity I can’t just tell the bank that I will never use the
card to buy petrol in the Isle of Dogs (given that I live 400 miles
away, and don’t have a car, this shouldn’t be a difficult promise
to keep).
===============
3. Gene databases corrupted by Excel
Apparently some long standing problems with Excel are wreaking
havoc in the world of bioinformatics. Well, causing a few problems,
anyway.
As many Excel users know to their cost, it tries to be very clever
when importing data by recognising dates and converting them to
date values. So if the string “1 Dec 2004” is encountered, it is
converted into a date serial number (in this case 38322) and
formatted as a date (for example, as 01-Dec-04, or 1/12/2004). This
conversion is irreversible: the original string is completely
replaced by the new date.
There are about 30 standard gene names that Excel interprets as
dates. If data sets that include these names are loaded into Excel,
the names are garbled and the data sets corrupted.
Excel also automatically converts strings that it believes are
floating point numbers. For example, the string “2310009E13” is
converted to the number 2.31E+13. Again, the conversion is
irreversible. There are approximately 2,000 commonly used
identifiers that fit this pattern.
It is possible, although not easy, to avoid these automatic
conversions, but you have to remain vigilant. You can’t turn them
off, but have to take special steps each time you import data. Some
solutions are described by Microsoft in
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q214233.
There is further discussion in the paper that describes the
problems, which is available at
http://www.biomedcentral.com/1471-2105/5/80#B5
The problems are not, of course, limited to the world of
bioinformatics.
===============
4. FSA update
For many readers of this newsletter, the biggy this month was the
release of PS04/12, which gives feedback on CP190, CP195 and
CP202. I’m sure you’ve all read it!
There’s a new occasional paper out this month: What determines how
much capital is held by UK banks and building societies? It’s
available at http://www.fsa.gov.uk/pubs/occpapers/op22.pdf. The
title pretty much describes what it’s about. Many banks and
building societies in the UK hold levels of capital significantly
in excess of the minimum regulatory requirements, and the paper
discusses why this might be so. Although as a generalisation
insurance companies are not currently as well capitalised as banks,
it seems to me that much of the discussion might apply to them too.
New consultation and discussion papers out this month:
—————————————————–
CP04/12 FSMA 2 Year Review: Financial Ombudsman Service July 2004
Feedback published this month:
—————————–
PS04/16 Integrated Prudential sourcebook for insurers
PS04/17 The Market Risk Module – Feedback on CP206 and ‘made’ text
PS04/18 Changes to the FSA’s Complaints Scheme – Feedback on CP04/6
and made text
PS04/20 Financial groups – Feedback on CP204 and made text
Current consultations, with dates by which responses should be
received by the FSA, are listed at
http://www.fsa.gov.uk/pubs/2_consultations.html
===============
5. Other sources of information
The availability of information is one of the really good things
about the internet. However, if you don’t know it’s there you can’t
use it. Here are a number of web sites, mailing lists and
newsletters that I use. Some newsletters are chatty, like this,
others include only headlines that point to fuller
discussions. Whether you find these interesting will probably
depend on how much your interests overlap with mine.
If you know of any other sites that I might be interested in, do
let me know.
European Spreadsheet Risks Interest Group. Includes an archive of
spreadsheet horror stories.
web site http://www.eusprig.org
mailing list http://groups.yahoo.com/group/eusprig
or send email to eusprig-subscribe@yahoogroups.com
B2-ORM is an international email user group focused on the sharing
of information on the implementation of Basel II compliant
Operational Risk Management solutions in the Financial Services
industry.
mailing list http://finance.groups.yahoo.com/group/b2-orm/
or send email to B2-ORM-subscribe@yahoogroups.com
Risks digest. Forum On Risks To The Public In Computers And Related
Systems. Long running newsletter (since 1985).
web site http://catless.ncl.ac.uk/Risks
newsletter http://www.csl.sri.com/users/risko/risksinfo.html
The Register. “Biting the hand that feeds IT”. General IT
news. Daily and weekly newsletters available.
web site http://www.theregister.co.uk/
The Opera operational risk open discussion group. Allows users to
debate and discuss any aspects of operational risk with other
professionals.
mailing list http://finance.groups.yahoo.com/group/operationalrisk/
or send email to
operationalrisk-subscribe@yahoogroups.com
News on legal and IT issues from Masons. Weekly email update
available.
http://www.out-law.com/php/news.php?area=news
Systems Modelling Ltd. Patrick O’Beirne’s site, mainly covering
spreadsheets and risk management
web site http://www.sysmod.com/
newsletter http://finance.groups.yahoo.com/group/EuroIS/
or send email to EuroIS-subscribe@yahoogroups.com
Banking risk. Weekly email update available.
http://www.bankingrisk.com/
Financial technology issues. Daily and weekly email updates
available.
http://www.finextra.com/
Erisk risk briefings. Monthly email update available.
http://www.erisk.com/
Langalist. Twice weekly newsletter covering hardware and software
for PC users.
web site http://www.langa.com/newsletter.htm
ZDnet. “Where Technology Means Business”. A wide range of
newsletters available.
web site http://www.zdnet.co.uk/
===============
6. Newsletter information
This newsletter is issued approximately monthly by Louise Pryor
(http://www.louisepryor.com). Copyright (c) Louise Pryor 2004. All
rights reserved. You may distribute it in whole or in part as long
as this notice is included. To subscribe, email
news-subscribe@louisepryor.com. To unsubscribe, email
news-unsubscribe@louisepryor.com. All comments, feedback and other
queries to news-admin@louisepryor.com. Archives at
http://www.louisepryor.com/newsArchive.do.