Thursday, July 29, 2010

Microsoft Courier: A Secret Tablet

It's tablet-tablet everywhere. We have heard a lot about the Apple iPad, Amazon Kindle, Cisco Cius and Dell Streak, and now 'Microsoft Courier' is set to join the bandwagon. Courier: Microsoft's answer to the gadget world?

I have been following the news for quite some time that Microsoft is working on a secret project headed by J Allard, Entertainment and Devices tech chief, which is close to its final prototype stage. I got curious to find the answers to some interesting questions, like: What is so cool about this device? Is it worth comparing Courier with other tablet devices like the iPad, a device from the UI guru Apple? Let's look at the device snapshot to find out:

Microsoft Courier is the exact opposite of Apple’s iPad: it has twin screens that fold like a book, a mashup of a pen (stylus) dominated interface with several types of multitouch finger gestures, multiple graphically complex themes, modes and applications, a 3x megapixel digital camera, and PDF and MS Office support. Courier will use a specialized version of Windows CE, with the caveat that Courier will only allow applications that are designed to support the Courier booklet form factor. So, no-no to Windows native applications.

Here is the link to check out more on Microsoft Courier:

http://www.youtube.com/watch?v=UmIgNfp-MdI

That sounds like so much to see in this digital-journal!

Well, we may never be able to see this device commercially. I read another news item some time back on the Microsoft Blog saying that Microsoft killed the project completely. As per Microsoft VP of communications Frank Shaw: “At any given time, across any of our business groups, there are new ideas being investigated, tested, and incubated. It’s in Microsoft’s DNA to continually develop and incubate new technologies to foster productivity and creativity. The 'Courier' project is an example of this type of effort and its technologies will be evaluated for use in future Microsoft offerings.”

Right after this news I started seeing other hardware companies, like Asus, who had originally launched their tablet projects with Microsoft Windows 7 now switching to Android.


Muhammad Rizwan

Friday, July 23, 2010

Cloud Computing and Retail

The much talked about topic these days is Cloud Computing, but does it make any sense to associate Retail with Cloud Computing? We have often read the phrase “Cloud has good potential” in many business and technical articles, and we often hear of the big5 companies making serious investments in this area. I think it is important to revisit the concept of cloud computing before associating this technology with the retail industry.

Not many businesses truly understand the concepts of IaaS, PaaS and SaaS and the difference between public, private and hybrid clouds. But to me, choosing the right cloud model for your business is a make-it or break-it decision. We will investigate these models in a different blog.

Salesforce.com, who I think are the real leaders in cloud computing, identified a specific need: it’s hard for a small to midsize business to manage big systems like CRM. With Salesforce.com, those same companies now only need a web browser. Another very important example is Amazon, which was rated number 1 as the strongest retailer in 2010 according to RIS News.

Here are some of the top benefits a retailer would get out of cloud.

Quick and cost effective deployments: Salesforce.com is being used by the Japanese government to implement a nationwide eco-point program. Consumers get points for buying eco-friendly appliances and receive credits that they can use towards future purchases – and the entire system was built on Force.com site technology in three weeks.

Close relationship with customer: the most important step in building a relationship with the customer is to know the specific customer needs. Cloud makes it easy to track customer buying patterns, which can further be used for customer-basket-analysis and help to approach the customer with the right product at the right time.

Cost effective inventory investment: cloud helps a business to maintain daily sales, inventory reorder levels and reporting. Cloud services also allow retailers to plan demand patterns dynamically through online services, whether directly in-house or through their suppliers.

Variety of platforms supported: cloud enables retailers to reach out to their customers through Web, mobile, or hybrid applications that use the cloud.

Muhammad Rizwan

Of Pizza Boxes and Enterprise Payments

The enterprise payment world is undergoing a change. The days of proprietary payment systems, where everything from hardware to software to configuration was spelt out by software suppliers, no longer exist. Fueled by the fierce competitiveness in the payments world, innovation in enterprise payment systems is no longer being led by payment companies or networks, but rather by companies who are looking for greater control and the ability to offer quick innovative solutions to the world.

I was asked in a recent interview what drives payments solutions in ISTS, and my answer was that we dream and realize development savings for our clients while delivering value, flexibility and robustness in an enterprise payment solution. That’s our guiding light. Technology. Innovation. Cost benefits.

We have never believed in a proprietary world, and have always advocated affordable systems that can run on proprietary hardware, using a lot of open source coupled with best of breed market systems to create layered and modular architectures that can be scaled up depending upon a client's need or a client’s growth. We have never felt the need for a small retailer to go for a multimillion dollar hardware and software implementation.

Some of our very large installation bases, which warrant astounding throughput levels now, started with single boxes that we have clustered and scaled up over time, requiring little or no investment from our customers. We have been able to do this through continuous product innovation and research in new technologies, and our ability to implement them in solutions. We have replicated this model successfully for different levels of enterprises, in geographies all around the world.

The future of enterprise payment systems will be driven by a number of factors:

1. How flexible and customizable enterprise systems are without people undergoing a huge learning curve, so that implementors and enterprises themselves could quickly customize them according to their needs

2. How much of service oriented architecture is provided so that work duplication is reduced to a minimum

3. What is the scalability model on the enterprise? Does the investment on day 1 have to be everything, or can it be scaled over time?

Let’s face it. If Google can run their entire real-time search bots on commodity hardware and scale up uninterrupted for the longest time, we see no reason why payment systems can't replicate that model.

Vivek Awasthi

Sunday, July 18, 2010

Enterprise Class switches: Design Approach

While recently working on an almost year long enterprise project at ISTS, a bunch of us were required to spend a fair amount of time thinking about, designing and implementing the solution. At a high level the business requirements were simple: we were supposed to build a system capable of receiving messages from merchant host systems and passing each message to a pre-paid card processor, and yes, it must log the transaction activities to some persistent store. A.k.a. a Switch.

The complexity was not in the initial design; it arose once message volumes, response times and multiple integration points were analyzed. During the requirement analysis phase we found that the system has to:

  • Receive messages from multiple host systems using multiple transmission and messaging protocols
  • Route each incoming message to a pre-defined processor based on the card’s BIN number, message attributes and transaction type
  • Include rules and workflow as part of the system, so that every message can be validated and certain business components can work on the incoming message
  • Integrate with multiple processors using their different transmission and messaging protocols
  • Persist the transaction log
  • Guarantee that a response is returned to the host system
  • …and a lot more

The key design factors in coming up with a solution that fulfils the requirements were not only industry proven, well-known methodologies and design patterns but also the growing business needs. More merchant on-boarding, multiple integration points, extensive ‘unknown’ future-ability based on custom messaging protocols, and the addition of business components were some of those growing business needs.

After spending time learning the known approaches and methodologies and designing with them, we finally succeeded in identifying and decoupling the various parts of the system based on their responsibility. Decoupling the sub-systems and unifying the integration between them helped a lot in building, managing and enhancing each sub-system independently without affecting other pieces of the system.

Here is what the final design comprised:

  • Adapter (Receive and Transform): An adapter is an acquiring (receiving) side sub-system of the Transaction Switch that is exposed to the acquiring merchant for accepting transactions. An adapter is responsible for accepting connections on a specific protocol with a specific exposed messaging specification. The system can accommodate as many adapters as are required.
  • Core (Workflow, Rules and Persistence): The core functionality of the Transaction Switch is independent of any particular protocol, adapter or cartridge. All subsystems existing in the Switch, such as processor specific cartridges or adapters, directly or indirectly utilize the functionality provided by the core system. All subsystems might depend on the core system, but the core system itself does not depend on any subsystem. The core system works based on the workflows and rules defined. All workflows and rules work on IMF (Internal Message Format).
  • Cartridges (Outbound Processor Implementation): Cartridges are implementations of an issuer/processor specification. Cartridges are responsible for establishing network connectivity with the issuer/processor, sending various requests to the issuer/processor and receiving responses from the issuer/processor.

Some key frameworks/products used to develop this system are:

  • Java: The system is based on a pure Java/J2EE platform and can run on Windows as well as on multiple flavors of Linux and UNIX.
  • jPOS: jPOS is an open source Java® platform-based mission-critical financial transaction library/framework that can be customized and extended in order to implement financial interchanges, protocol converters, payment gateways, and credit card verification clients and servers (merchant/issuer/acquirer). jPOS can help realize a product or project in a significantly reduced time period, which most often translates into greatly reduced costs.
  • GigaSpaces: GigaSpaces is an implementation of JavaSpaces technology. The JavaSpaces technology is a high-level tool for building distributed applications. It is a tie, space & Data Grid based architecture. Communication between Cartridges, Adapter & Issuer participant happens through GigaSpaces. All static configuration information can also be stored in GigaSpaces for faster retrieval.


Summary:

These key design considerations and technologies helped us achieve a peak TPS of 900 transactions per second and a peak daily transaction volume of about 4.5 million transactions. Because of the open nature of the design, we have been able to whip up around 35 acquiring channels, and have interfaced with more than 100 processors/institutions.


Sanjay Mishra

Securing mobile applications

Mobile apps have grown in popularity thanks to the huge success of Apple’s app store. Every mobile platform, including Apple, provides SDKs for developers to build mobile apps for the respective platform. These include the likes of Blackberry, Windows Mobile, Symbian, Palm and the latest kid on the block, Android. While some apps are an extension of, and similar to, what one would experience on a PC/laptop using an internet browser, others could be a hybrid version. A hybrid application is one that uses the best of both worlds: it accesses resources over the internet by calling web services and uses the native APIs of the platform to perform some form of client side processing.

Developing a hybrid app for different platforms, or different versions of the same platform, can be challenging. It is interesting to note how different platforms have been selective in exposing native APIs for developers to use in building mobile apps. There could be quite a few reasons for such limitations: speed to get an SDK out in the market, possible hardware limitations, and third, and probably most important, security. As in the PC world, mobiles these days carry a huge amount of user specific data that needs to be secured. It could be your mobile's phonebook, emails, text messages or even the location where you are at any given point of time, as your mobile is sending signals to the nearest mobile towers.

Security is key when a mobile app is used to access enterprise applications such as email servers, ERP applications, Salesforce applications etc. One way to ensure a high level of security is two-way authentication. In two-way authentication the client device must share its certificate, which is authenticated at the server, before a secure connection is established to exchange data. Two-way authentication is a 2 step process: certificate enrolment and authentication. Certificate enrolment is a 4 step process. The client (which is the mobile app) requests a root certificate from the host. A root certificate needs to be a trusted certificate, typically signed by a 3rd party certificate authority (CA) such as Verisign. Once the root certificate is received, the application generates a CSR (certificate signing request) that is sent to the host. A CSR typically contains device level information (such as UUID, MAC address, MCEI code etc), user specific information (user name & password) and a passcode identifier. The information exchanged through the CSR is the enrolment information that helps identify the user. The CA server extracts the passcode from the CSR to cross-check with the back-office. Once the passcode is confirmed, the CA issues a client certificate that is delivered back to the device. The user specific information is stored in the back-office for future verification.

Once the certificate is enrolled the authentication process kicks in: the mobile app shares the client certificate with the host server prior to the exchange of sensitive data. The host extracts the user specific information from the client certificate and verifies the identity by checking that the user information exists in the back office database. Once verified, the client and the server have confirmed their identities and are ready to initiate the exchange of sensitive data over a secured connection.

Ajay Vijh
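
The authentication step described in the post above, sketched with Python's standard `ssl` module as an added example (not code from the post or from ISTS): the host requires a client certificate during the TLS handshake, then maps the verified certificate to a back-office record. The back-office table, certificate serial numbers, user names and file paths are constructed assumptions.

```python
import ssl

# Constructed back-office records, keyed by the serial number of the client
# certificate issued at enrolment (hex string, as getpeercert() reports it).
BACK_OFFICE = {
    "0A1B2C": {"user": "alice", "active": True},
    "0A1B2D": {"user": "bob", "active": False},   # enrolled, later disabled
}


def harden(ctx):
    """Make a server-side context refuse any peer without a valid client cert."""
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED   # handshake fails without a client cert
    return ctx


def server_context(cert_file, key_file, enrolment_ca_file):
    """Context for the host. The three paths are deployment-specific assumptions."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert_file, key_file)
    # Trust only the CA that signs enrolment CSRs, not the system trust store,
    # so a certificate from any other issuer never reaches authorise().
    ctx.load_verify_locations(cafile=enrolment_ca_file)
    return harden(ctx)


def subject_field(peer_cert, name):
    """Return one attribute (e.g. commonName) from a getpeercert() subject."""
    for rdn in peer_cert.get("subject", ()):
        for key, value in rdn:
            if key == name:
                return value
    return None


def authorise(peer_cert, back_office=BACK_OFFICE):
    """Map a chain-verified client certificate to a back-office user, or None.

    peer_cert is the dict returned by SSLSocket.getpeercert() after the
    handshake. A valid chain only proves the CA issued the certificate; the
    lookup decides whether that enrolment is still allowed to log in.
    """
    if not peer_cert:
        return None
    record = back_office.get(str(peer_cert.get("serialNumber", "")).upper())
    if record is None or not record["active"]:
        return None
    if subject_field(peer_cert, "commonName") != record["user"]:
        return None
    return record["user"]


# Constructed examples of what getpeercert() returns for three devices.
ALICE = {"subject": ((("commonName", "alice"),),), "serialNumber": "0A1B2C"}
BOB = {"subject": ((("commonName", "bob"),),), "serialNumber": "0A1B2D"}
STRANGER = {"subject": ((("commonName", "alice"),),), "serialNumber": "FFFFFF"}

if __name__ == "__main__":
    for cert in (ALICE, BOB, STRANGER):
        print(cert["serialNumber"], "->", authorise(cert))
```

Disabling a record in the back office blocks a device whose certificate is still cryptographically valid, which is the reason for the database lookup on top of chain validation.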


Tuesday, June 8, 2010

Social Networks go creditworthy

Now a widely accepted term, social payments have been doing the rounds for some time. However, classification of social payments is ambiguous right now. It is often related to buying from social networking sites, which might not necessarily be true.

The concept of social payments is just an extension of the real world, wherein people either collect money to buy someone something, or a person collects money and when they reach a threshold they will buy it. The replication of real world and how one interacts in a social environment with money has been the basis of social payments.

Examples of social payments would include cases where you select something and hold it, and other people pay for it either individually or collectively; when that forms the required pool, the item is rendered sold, else the money is returned to the individuals.

Social networking is now extending to lending and borrowing. Yes-secure.com is shortly launching a service for connecting borrowers with lenders. This would be based on a trust factor of connections, in addition to credit and other financial checks at the back office. They will then suggest a worthiness score for a borrower, and either auto-lend or selectively lend. The social networking aspect increases your worthiness based on the network of friends around you, and their credit scores and worthiness. This is like the pigeon ranking for finance.

Is it viable that a social network and its weight around a person make him or her more creditworthy? The spread certainly seems to be moving in that direction. When the cost of assessing the credibility of a person is going to cross a threshold relative to what the person is asking to borrow, we would assume that being socially responsible, and your network, are going to assess your creditworthiness. It won’t be long before we start seeing this happen.

Vivek Awasthi

Thursday, June 3, 2010

Digital Fortress

Is there anything like a Digital Fortress? Can someone come up with a fortress that can hold data and be protected with five levels of security that would require 200 quantum computers and an unlimited time to break?

Given that there would be something like this that can hold customer data, what would people who want to get this data do? Nothing? No, they would somehow just click a picture of it from an in-built camera in a mobile phone when it shows up on screen. QED.

That's how most of these events work. The weakest link is the give-away. Hackers find the weakest spot and turn it into a charmer. More often than not, it's really a very long time before someone discovers how the data was stolen, an unimaginable number of theories are floated around, and then millions of dollars are spent investigating the how of the breach. This is the truth. They will not come and look in your shredder to get your card data. They will steal the card data that they want from large databases. In millions. As Schneier on Security puts it: "I'm sure every one of us has a credit card in our wallet whose number has been stolen. It'll probably never be used for fraudulent purposes, but it's in some stolen database somewhere."

Are the current security systems that govern our payment systems adequate in providing protection for the customer? One would not think so, as some of the recent breaches have taken place at PCI certified payment companies or retailers. Examples would be Heartland and Forever 21, both of them compliant and both breached around the same time. Hackers found very innovative ways of either getting into the fortress, or actually waiting for someone to unlock the data from there so that they could view it. It's not PCI that makes an organization or system risk averse.

There is certainly a lack of understanding of PCI, its derivations and its implementations. I recently met two EMV experts fighting over whether a key was supposed to be stored in the crypto chip permanently or temporarily as PCI warrants. They both were right; it's only that they read the PCI specifications a little differently. And implemented either way, they both would have cleared the PCI certification.

It's true that the only network security is an "inch of air" between two computers. It's also true that this is not reality. How does one really secure all the gaping holes that are exposed from time to time? It's a very difficult thing to achieve, and thirteen or twenty-one points written on a piece of paper certainly cannot do that. Achieving end-to-end security is a very difficult task, but that's the only solution to this problem.

In our next few blogs we will explore the concepts of end-to-end security and real time fraud management in electronic payments. Keep reading!!

Sunday, May 23, 2010

Asian Paints Masterstrokes Loyalty Program

Loyalty programs are usually associated with airlines, retail chains or banks/card companies. The paints and decorative industry in India is highly organized, with very few brands leading the show, and Asian Paints (one of the top 10 decorative coatings companies in the world and India’s largest paint company) is definitely a market leader, but this hasn’t stopped Asian Paints from launching a unique and innovative channel loyalty program for its paint dealers and contractors/paint applicators.

Innovation has enabled more flexibility in color options and customizations for end consumers. As a result, meeting contractors'/paint applicators' demands while remaining competitive in the marketplace is the key to long-term survival.

Asian Paints dealers are multi brand outlets and sell decoratives & paints of other brands apart from Asian Paints. Dealers and paint applicators are very important touch points in the Asian Paints CRM landscape. Asian Paints' vision was to emerge as a truly “Customer Centric” organization that understands and manages the ever changing expectations of its existing and prospective dealers & contractors/painters in a profitable & efficient way.

To address these business challenges Asian Paints decided to launch “Masterstrokes” a loyalty program focused on dealers & paint applicators that will

  • Allow Asian Paints to build a base for a longer term / continuous relationship with dealers & contractors/ painters by rewarding loyal dealers/ contractors/ painters with various benefits
  • Establish a strong brand identity with a USP
  • Use technology to enable practices which would enhance customer (dealers & contractors/ painters) centricity

Masterstrokes offers more benefits, upgrades, enhanced rewards and easier redemptions across different membership tiers. Masterstrokes has become a benchmark channel loyalty program in the paints and decorative industry.


Madhur Mittal

Sr. Product Manager

Tuesday, May 4, 2010

Welcome

Welcome to the ISTS blog.


ISTS Worldwide (www.istsinc.com) is a premier software development, consulting and systems integration services firm leveraging complementary enablers of People, Process, Technology, Global Delivery capabilities and domain expertise in the Retail & Payment technology verticals. ISTS enables organizations to maximize performance and reduce operating costs through its best of breed technology services stack delivered through a proven hybrid (onsite - offshore) global delivery model. It also services its customers' professional services needs.

Through this blog, we intend to share our experiences in the retail & payments world about real world business and technology solutions.