An Amtrak train that derailed on May 12, traveling more than 100 miles per hour on a known dangerous curve, has an unfortunate similarity to the Spuyten Dyvil crash in December 2013. In that incident, a Metro North train traveling at 82 miles per hour derailed on a treacherous curve, traveling at nearly three times the allowed speed.

Four passengers died in the Spuyten Dyvil derailment. Operator fatigue was deemed to be the cause for that accident. This most recent crash killed at least eight people and eight are listed in critical condition. In both cases, National Transportation Safety Board (NTSB) experts contend that a safety measure called “positive train control” (PTC) could have prevented the disasters.

Robert Sumwalt, a member of the NTSB, explained during a press conference on Wednesday that Amtrak already has a system in place called the Advanced Civil Speed Enforcement System (ACES), which is installed throughout most of the Northeast Corridor. “However, it is not installed where the accident occurred,” Sumwalt said. “That type of a system, we call it a positive train control system, is designed to enforce the civil speed, to keep the train below its maximum speed. We have called for positive train control for many years, it’s on our most wanted list. Congress has mandated that it be installed by the end of this year.”

Sumwalt continued, “Based on what we know right now, we feel that, had such a system been installed in this section of track, this accident would not have occurred.”

He said that a thorough walk-through of the accident site was conducted yesterday and that investigators will be looking into the track, the train control signal system and the operations of the train. “Our mission is to not only find out what happened, but why it happened to prevent it from happening again,” he said.

The looming question is why this safety measure was not in place, even though PTC has been called for since a collision in Chatsworth, California killed 25 people. The Rail Safety Improvement Act of 2008 mandates that PTC for passenger and freight trains be operational by the end of 2015. But because of high costs and the complexity of the system, Congress has been considering an extension until 2020.

According to the NTSB website:

In the aftermath of the Chatsworth tragedy, Congress enacted the Rail Safety Improvement Act of 2008. The Act requires each Class 1 rail carrier and each provider of regularly-scheduled intercity or commuter rail passenger service to implement a PTC system by Dec. 31, 2015. Progress is being made toward this lifesaving goal. Metrolink became the first commuter rail system to implement PTC, when it began a revenue service demonstration on the BNSF Railway. This demonstration project is a step in the right direction, and Metrolink reports it will implement PTC fully throughout its entire system before the Congressionally-mandated deadline.

It has been more than 45 years since the NTSB first recommended the forerunner to PTC. In the meantime, more PTC-preventable collisions and derailments occur, more lives are lost, and more people sustain injuries that change their lives forever.

Yet there is still doubt when PTC systems will be implemented nationwide as required by law.

Each death, each injury, and each accident that PTC could have prevented, testifies to the vital importance of implementing PTC now.

{ 0 comments }

Ongoing soft market conditions are the most widely-cited challenge facing the global reinsurance industry in 2015, according to a global study of reinsurance professionals by insurance software company Xuber. For its Global Reinsurance Survey, the company spoke with senior professionals including insurers, reinsurers, brokers, industry organizations, lawyers, insurance-linked securities (ILS) investment managers, analytics firms and modelers, across the U.K., U.S., Bermuda, Canada, Channel Islands, Cayman Islands, Germany and Switzerland about the top concerns and biggest opportunities facing the reinsurance industry today. Of those polled, 81% listed soft market conditions among their top five concerns, followed by competition from third party capital (66%), and mergers and acquisitions (M&A) (66%).

The top five challenges cited were:

Xuber Global Reinsurance Survey challenges

Experts within the field do see plenty of growth opportunities as well. Indeed, some of this potential is thanks to the soft market. According to the report, “Another opportunity in the soft market identified by 59% of executives was to create niche opportunities that showcase their expertise. In a squeezed market, opportunities can open up for enterprising businesses that can identify today’s emerging risks and those of tomorrow and create products that are tailored for them. This can be linked to using Big Data better (51%) and diversifying the business portfolio (42%).”

The top five business opportunities cited were:

Xuber Global Reinsurance Survey opportunities

“This survey unearthed a range of new business opportunities that can provide the competitive edge needed to survive and prosper in the current environment,” said Chris Baker, executive director at Xuber. “With margins tight and prices falling, reinsurers are under great pressure to ensure their processes are as efficient as possible. Surviving and prospering in the soft market will require companies to operate at optimal efficiency, and their IT systems will be central to this. Only the savviest of reinsurers who recognize that technology can be the catalyst for change will emerge unscathed.”

Other key insights from the study include:

Xuber Global Reinsurance Survey

 

{ 0 comments }

E-commerce business models have many advantages over brick-and-mortar retailers, including lower overhead, more flexibility in product and price testing, and more opportunities to manage inventory at optimal levels based on shopper behavior and current web analytics. However, an e-commerce business can’t escape all the realities of merchants with physical storefronts—including shoplifters.

Here are six tips for preventing virtual shoplifters:

Safeguard your platform. An open-source e-commerce platform could make you more vulnerable to hackers. Ensure that you host your site with a platform that uses object-oriented programing language. Ideally, the administrative portions of your site should be completely inaccessible to anyone outside of your organization.

Maximize your SSL strategy. Use of Secure Sockets Layer (SSL) certificates have become commonplace in online transactions that involve sensitive data. As Rick Andrews from Symantec recently advised in a CIO Magazine article, however, their opportunities can be further maximized—and it may even translate into conversion improvements at customer checkout. “Integrate the stronger EV SSL [Extended Validation Secure Sockets Layer], URL green bar and SSL security seal so customers know that your website is safe,” Andrews said.

Additionally, mandate consistent business processes to ensure someone in your company is tasked with staying abreast of the latest changes in the world of online security, and keeping systems current in light of them. In mid-April, for example, the Payment Card Industry Standards Security Council (PCI SSI) announced it found vulnerabilities in the current SSL and TLC (Transport Layer Security) methodologies, exposed in part by Heartbleed and Poodle. Although merchants have until June 30, 2016 to revise their SSL protocol to remain PCI compliant, a business is vulnerable to hackers who are well aware of the opportunities to take advantage of such security “holes,” until the security updates are in place.

Follow PCI compliance standards. In addition to incorporating PCI-compliant secure payment gateways into your e-commerce site to process transactions, confirm that you aren’t storing sensitive customer data (also prohibited by PCI standards)—even if you do so to streamline return procedures. While it may extend the length of your checkout and return processes slightly, what your business stands to lose in the form of risk exposure due to stored sensitive data outweighs potential efficiency gains.

Verify card information with addresses. Although e-commerce transactions inherently include “card not present” scenarios, you can still take steps to reduce the risk of fraudulent transactions. Implement address verification systems to detect potential information discrepancies between card information and the customer. Require that the customer input security information shown on the physical card, like the three- or four-digit card verification on the back or front of the card (in the case of American Express).

Set alerts—and pay attention to them. Security alerts can detect suspicious activity before it spirals into a full-scale cybertheft—but only if you take them seriously. In the case of the Target data breach, Bloomberg reported that the merchant’s security alerts did sense suspicious activity well before the data breach was underway, but that the threats weren’t taken seriously by technology staff. At minimum, every e-commerce business should have alerts to detect unusually high activity originating from a single IP address, and to flag customers who order multiple times using different cards, in a short period of time.

Install “patches” as soon as they are available.  Your software and operating systems are only secure if they’re current. When new versions of software are released, install them as soon as possible—and immediately, if the update involves a patch developed because a vulnerability was detected.

If you operated a brick-and-mortar business you wouldn’t leave your cash registers unattended or doors unlocked after business hours—but gaps in online security are akin to doing just that when you have an e-commerce business. Establish processes and security procedures to ensure that you remain aware of changes in security standards, potential threats and areas of vulnerability. While you may not stop virtual shoplifters and fraudulent transactions entirely, optimizing your site security is your best line of defense.

{ 0 comments }

Global insurers’ level of satisfaction with their enterprise risk management (ERM) performance grew by 10 percentage points over the last two years (63% compared to 53%). This was highlighted by a 16-percentage-point increase in Asia Pacific (51% compared to 35%) and less pronounced in North America and Europe (with a seven-point increase), according to Towers Watson’s Eighth Biennial Global Enterprise Risk Management Survey.

According to the survey, 74% of global insurers said their executives and board members view the risk management function of their enterprise as an important strategic partner that adds value to the business. Notably, carriers that share this view are almost twice as likely to say they’re satisfied (73% compared to 38%) with their company’s ERM performance compared to those that believe ERM is merely a provider of risk assurance (18%) or for regulatory compliance (8%).

Insurers’ opinions of their ERM program were determined by factors such as clear links to business goals. In fact, carriers with ERM functions that are well integrated into their business planning noted higher rates of satisfaction (82%) than those without an integrated strategic plan (53%). Similarly, those with a risk appetite framework linked to specific risk limits expressed higher rates of satisfaction (76%) than their peers with no framework in place (50%).

“Companies that strive for strategic value in their risk management function — as opposed to simply using ERM for regulatory compliance — typically differentiate themselves, in part, by integrating risk management into their strategic decision-making process from the beginning,” Martha Winslow, senior consultant of the Americas P&C practice with Towers Watson, said in a statement. “Too often, senior management incorporates risk management later in the process or even after it is complete, when there’s not much chance of it influencing critical decisions.”

Towers Watson survey findings:

 

{ 0 comments }