Enhyper

Contact Details

Email: events@enhyper.com
Tel: +44 (0) 870 1996774

Payments Systems and Security

Presentations, Demonstrations and Biographies
  • Dr Iain Saville
    Head of Business Process Reform

    Lloyd's
    Chairman

    Kinnect

    Digital contracts out of paper trails - challenges for the Insurance market

    Abstract

    Placing and underwriting risk is a fast moving process that is light on the frontend but very heavy in backend detail. Who the counterparty is, what level of commitment, what indeed did the counterparty take on, and how do we record all this? Millions in payouts ride on these small details.

    For all the Internet hype, contracts have until now defied digitisation and analysis. Paper trails have proven surprisingly resilient to the supposed efficiencies and security of cryptography and networks.

    How did Kinnect create a commitment framework to support underwriting? How did Kinnect tie in so many competing counterparties, and bring this to a level of user acceptance such that it delivered efficiencies to the paper-based community? These are questions...

    The security ramifications for the Kinnect system extend from the legal status of contracts, across digital signatures and other cryptographic techniques, to secure repositories, privacy of the messages, and a myriad of cross-border and legal issues.

    Willis, a commercial player in the risk market, placed the first digital contract via the Kinnect system in December of 2003.



    Biography

    Iain Saville is Lloyd's of London's Head of Business Process Reform, and also serves as Chairman of Kinnect, Lloyd's platform for digital contract delivery.

    From the 1993 ruins of Taurus, Dr Saville led and built a team from the Bank of England to create CREST, widely acknowledged as one of the finest depository platforms around. He held the position of Chief Executive of CRESTCo from 1994 to 2002, driving the introduction of leading edge technology into shares settlement, adding central bank clearing, centralised counterparty functionality, and new technology designed to scale for larger volumes.

    He left CRESTCo in 2002, looking for new challenges, and took on direction of the European expansion for Computershare, a world-wide shares register. In October 2003, Dr Saville was appointed to Lloyd's with a remit to modernise and improve business processes across the Lloyd's market.



  • Ir. Simon Lelieveldt
    Director
    S. Lelieveldt Consultancy
    How new entrants change the traditional security approach to payments

    Abstract

    In the past five years, the Dutch market has seen a lot of innovation in the area of payments and electronic money. This presentation will outline these developments to show how new entrants in both the Internet and mobile operator domain required Dutch banks to respond by taking a different approach to security. In this still embryonic approach, customers determine the risk level of their own payments. The presentation will outline the challenges that this approach holds for both issuers of payment instruments and supervisors.


    Biography

    Simon Lelieveldt is an independent payments and regulatory consultant working for new entrants, government institutions, banks and lobby organisations.

    Simon was a key member of the BIS Task Force on the Security of Electronic Money. At the Dutch Central Bank, he was a Senior Policy Analyst specialising in new payment systems, such as Chipper and Chipknip, Internet, and pre-paid cards.

    Professionally, Simon Lelieveldt is a member of the European Payments Consulting Association and secretary of 1.1a2, the Dutch Association for e-money issuers in the Netherlands.

    Simon Lelieveldt's Retail Payments Blog



  • Dr Sally Leivesley
    Managing Director

    Newrisk Limited

    Extreme Risk Management

    Abstract

    to be announced



    Biography

    Sally Leivesley is Managing Director of Newrisk Ltd.



  • Geoff Chick
    Director

    C24 Solutions

    Integration Objects - a code generation approach to message transformation

    Abstract

    C24 Integration Objects is a message format definition, transformation and transport modelling toolset which solves data integration issues for legacy systems, message-orientated middleware and XML-based messaging systems. IO is approved by S.W.I.F.T. as the only mechanism to assure compliance to the S.W.I.F.T. messaging standards.

    Live demonstration

    Geoff will be demonstrating the capabilities of the Integration Objects toolset and the Elecktra enterprise message monitor dashboard.

    Biography

    Geoff Chick has spent his entire professional career of 19 years within Financial IT and has worked on over one hundred S.W.I.F.T. implementations in 22 countries. He also ran the Braid CREST advisory board and has architected over 50 solutions integrating applications such as Midas, IBIS, HiPortfolio, Quasar, Paladign, Uptix, RIMS and GIM2 with OASYS Global and Direct, DTC, TRAX and FIX. These projects made full use of a diverse array of integration technology, including Message Oriented Middleware, Publish and Subscribe and Direct Database access, in addition to Internet protocols and traditional file-based approaches.


  • Paul Guthrie
    Principal

    Payment Software Corporation

    Micropayments and E-Cash, Then and Now

    Abstract

    Why did the old systems fail? What has changed in the world in terms of technology, security and risk management, overall payments, consumer demand, etc., and why should there be huge renewed demand for both types of payment services?

    These questions are illustrated with recent cases such as Bitpass and Apple iTunes.

    Biography

    Paul Guthrie is a principal at Payment Software Corporation, a consultancy and software developer in the field of payments and security. His vision and expertise drive the strategic development of PSC's extensive base of code and systems, and its application in the design and implementation of identity, authentication, and payment solutions.

    Prior to founding PSC, Paul was CTO at Brodia, a developer of identity management, e-payments and electronic wallet technology. Brodia's technologies were integrated with seven of the top ten financial institutions in America.

    Before Brodia, Paul was VP of Technology Research for Visa International, contributing to their long term strategy and venture capital programs. Visa purchased Paul's former company, US Order, an early innovator in home banking and shopping technologies where he ran operations. Paul also worked at Bell Labs, focusing on switching and networking technologies.


  • Graeme Burnett
    Principal Engineer

    Enhyper

    Future State Security Architecture

    Abstract

    Traditional Network and Application Architecture is predicated on the layered/DMZ security paradigm. The assumption of a trusted inner zone was made effective by contractual rather than technical means. Several trends now make this operational model untenable: Application Tunneling, Outsourcing and Extreme events.

    XML "Firewalls" allow effective access control and security via syntactic schema checking. Software VPN technology allows for the replacement of "leased line" security, simultaneously adding strong authentication and data privacy. Combined with Grid computing, these two form an effective Business Continuity Planning (BCP) solution, allowing parallel storage and recovery via distributed data sources and instant site recovery.

    Biography

    Graeme Burnett has over 18 years of software engineering experience in banking, government and the military.

    Burnett spent six years with UBS/Warburg Dillon Read, engineering several risk solutions for Global Fixed Income. As Head of Development Engineering, he pioneered the adoption of Java, XML and Open Source technology. At Dresdner Kleinwort Benson, Burnett delivered the Imagine trading platform.

    In government, as Chief Technical Architect, he delivered a £40 million project to computerise the 37 offices of the Insolvency Service, which is still in operation today.

    On the professional level, Graeme is a member of the Institute of Electrical and Electronics Engineers (IEEE), the Association for Computing Machinery (ACM) and the Operational Research Society. His research interests include Knowledge Management, Security Architecture, Grid Computing and Web Services.


  • Dr Alistair Dunlop
    University of Southampton
    Southampton University

    Grid Computing based Open Source Web Services

    Abstract

    Grid Computing based Web Services are seen as the future platform for the provision of application functionality. We propose Grid as a platform to provide scalable web services which are developed by the Open Source community, who are remunerated by some form of electronic currency. Remuneration, not reputation, is the key to employing Open Source techniques in enterprise development.



    Biography

    Dr Alistair Dunlop sits on the UK Government Grid Computing Infrastructure committee, which is run by the DTI. Dunlop was the Head of Software Development at Capital Radio.



  • John Walker
    Principal Consultant
    SiVenture, a division of
    NDS UK Ltd

    Unto the breach: breaking the hardware and cryptography of smart card chips

    Abstract

    Smart cards are used for TV content access, personal data storage, personal access to restricted areas and, most of all, financial transactions. The security of all these applications is critical and dependent on the cryptosystems implemented in the chip. We look at how the chips are secured and how the chips are attacked (hacked). This is developed into how we assess the security of a system. We look particularly at how the chips are physically secured and how chip modification makes techniques such as power analysis and fault analysis easier to do.

    Live demonstration

    Breaking DES and RSA on a smartcard using Differential Power Analysis (DPA).

    Biography

    John Walker joined his present group in 1999 with the remit to research and understand all smart card attack techniques in order to develop more secure smart card systems. This group now acts as security consultants for a number of major smart card chip and system developers. The group's home, since March 2003, is with NDS, makers of conditional access systems for satellite and cable television among other things. Prior to this, John spent five years with FEI developing new applications for focused ion beam technology. Before this he spent ten years in semiconductor physics research, including work in the Italian materials physics institute and Bell Labs in Murray Hill, New Jersey.



  • Frank Trotter
    Chief Executive Officer
    Everbank

    Blazing the Branchless Banking Trail - The Highs and Lows of Adoption and Security Issues

    Abstract

    Branchless banking promises and delivers substantially lower cost of delivery as compared to mainstreet institutions. Lower cost does in fact mean better values for consumers - at least in the branchless only world. The world of branchless banks continues to flourish after the shakeouts of 2000-2001 and is maintaining a steady course for the future.

    At the same time, a variety of instruments and techniques that would lower costs further, provide additional privacy and security assurances, and possibly offer more consumer convenience have either fallen by the wayside or not achieved critical mass. From Mark Twain eCash to EverBank, what are the opportunities for the future, and why weren't some important advances adopted?

    Biography

    Frank Trotter is President and Chief Executive Officer of Everbank's National Banking Group. A founding partner of Everbank, Mr. Trotter has acquired over 20 years experience in the banking industry. He has served as Senior Vice President and Managing Director of Mercantile Bank Capital Markets, and Director of the International Markets Division at Mark Twain Bank where he created the WorldCurrency(tm) family of deposits and directed the global launch of eCash(tm) in conjunction with DigiCash. Mr. Trotter is a graduate of St. Olaf College and holds an MBA in finance and international finance from Washington University.

    Trotter is a widely quoted speaker on financial topics and especially the currency markets. Publications focusing on WorldCurrency or quoting Mr. Trotter in 2003 include: the Wall Street Journal, New York Times, US News and World Report, CBS MarketWatch, Forbes, Fortune, USAToday, CNNfn, the Chicago Tribune and many others. Mr. Trotter is also a recognized expert in the areas of financial technology and digital commerce.



  • James Turk
    Managing Director
    Goldmoney

    Issuing Internet Gold - the New Governance

    Abstract

    Regulators do not recognise gold as money. Yet gold issued over the Internet is as deserving of security as its mainstream currency cousins. In order to secure gold, we have turned to strong governance as a self-regulatory model.

    Goldmoney has built a financial institution that places strong title to gold in the hands of users scattered across the world. To secure the valuable physical product, gold is secured in LBMA-approved repositories, and an independent co-signatory is placed as watchdog over the physical assets. A like separation of concerns is employed on the digital side, so that users can be assured of accurate records and no insider inflation.

    Yet these techniques only address the fairly simple issues. How do we tie all this together into one cohesively governed financial instrument that delivers gold to users' hands? How do we deal with due diligence, with privacy and with insider fraud?

    Goldmoney's structures show reductions in operational, counterparty and systemic risks that are unheard of in the regulated sector. As growth continues at a rate of 4 times per annum, the open model of governance is available as a strong alternative to regulatory models.



    Biography

    James Turk has specialised in international banking, finance and investments since graduating in 1969 from George Washington University with a B.A. degree in International Economics. His business career began at The Chase Manhattan Bank, which included assignments in Thailand, the Philippines and Hong Kong. He subsequently joined the investment and trading company of a prominent precious metals trader based in Greenwich, Connecticut. He moved to the United Arab Emirates in December 1983 to be appointed Manager of the Commodity Department of the Abu Dhabi Investment Authority, a position he held until resigning in 1987.

    Since 1987 James Turk has written The Freemarket Gold & Money Report, an investment newsletter that publishes twenty issues annually. He is the author of two books and several monographs and articles on money and banking.




  • Ian Grigg
    Principal Architect

    Systemics


    Adaptive Governance for Payments and Securities Systems

    Abstract

    Businesses holding and accounting for digital assets (payments, securities) are vulnerable to many opportunities for abuse. Primarily, these opportunities derive from a lack of governance and the delayed nature of the settlement system.

    Why do governance models currently in place add to the problem? How does delayed settlement cause such risks?

    These problems are solvable, but they carry costs for intermediaries, regulators, and investors.

    Live demonstration

    Ian will demonstrate the Ricardian contract lifecycle using the webfunds issuance server.

    Biography

    Ian Grigg is a financial cryptographer who has worked on many forms of digital cash systems. He is currently working to integrate diverse requirements such as web-payments and instant messaging into the Ricardo payment system. He holds an MBA from London Business School and co-founded Systemics in 1996.

    Ian Grigg's Financial Cryptography Blog



  • Avi Corfas
    Managing Director EMEA, Skybox Security

    Systemics


    Vulnerability Management Needs A New Model: The Role of Attack Simulation in Automation

    Abstract

    With tens of thousands of vulnerabilities, 10 new vulnerabilities published daily and constant network changes, it takes months for enterprises to prioritize the top 2% of critical vulnerabilities that are accessible, exploitable and that matter - an unmanageable window of exposure. Enterprises also risk misallocating resources on over- and under-patching, and creating a gap between IT and executives in communicating risk metrics in business terms.

    Products that help identify and mitigate vulnerabilities through automation hold great promise to reduce staff loads, speed assessments and reduce risk. But in practice these tools have fallen short of delivering on their promises because they ignore the IT environment and business context and therefore fail to anticipate efficiently the specific risks to the most valued business applications. The result: more manual work and a false sense of security. The two questions enterprises really need to ask and automate are: Where can an attacker go, and what could the damage be?

    Live demonstration

    Through customer case studies, this session will introduce the four steps to automation:

    1. Model the IT Environment.
    2. Simulate Attack Scenarios.
    3. Analyze Business Risks.
    4. Plan Optimal Remediation.

    Biography

    Avi Corfas is a seasoned software, technology and security executive with 28 years of international experience. Mr. Corfas manages the European business of Skybox Security, a leader in information security risk analytics software. Previously, Mr. Corfas was Executive Vice President (Europe, Middle East & Africa) for @stake, one of the world's leading information security consulting companies. Before joining @stake, Corfas held global executive positions with CommerceQuest Inc., Compaq and Digital Equipment. In the mid-1990s, he was Chairman of EEMA, the European Forum for Electronic Business.