This morning, we had more on mobile payments technology.  Tyfone's memory card-based NFC technology seems to me like it might be the answer.  It plugs into any smartphone with a memory card slot and enables it for NFC.  Banks could issue these with their cards loaded on them, and bypass the telco.  Of course, telcos could issue them too.  Gets around the whole problem of needing NFC-enabled handsets.  I'm sure there are limitations (perhaps some handsets interfere with the signal? No direct way to communicate over the mobile network?), so I need to investigate this further, but I'd be interested if anyone has any opinions on this approach.

Risk management, identity, and fraud were big topics today - much talk about the virtues of a federated identity model similar to that proposed by IdenTrust or Liberty Alliance.  According to one attendee, there should be a big announcement in a couple months with a major bank about a new push in this area.  Having a secure credential that could be accepted across multiple industries would facilitate a whole series of new opportunities for financial institutions, from financial supply chain management to health care payments to mobile payments.  Big questions about who manages the system, can the government seize records (or use pressure like it did with the telcos), loss of privacy, increase in privacy, will this force the bad guys to go back to old-fashioned ways of getting money (for example, mugging)?

Having seen all the breaches lately, including the latest cracking of the UK chip-and-PIN system, I wonder if it is realistic to attempt a truly universal identity system.  Will it just leave us with no way to prove that we did not commit a crime?

Another topic was the use of RFID tags for inventory control within data centers.  Wells Fargo and Bank of America have tried this, and achieved huge efficiencies.  Current techniques involve the use of barcode stickers, but these invariably end up on the side of the equipment that you can't reach, so you have to take apart the entire stack, risking disconnecting it from the network or the power.  At Wells, they put a tag on every laptop; now, instead of having to show it to the guard on the way out of the office so he can write down the serial number, they just walk through the gate and their picture pops up on a screen.  At Bank of America, a job that used to take 8 days per data center now takes only a day, and they get real-time reconciliation with their asset control system.  They've even found equipment that was powered but not connected to the network, so Tivoli couldn't see it.  There are issues with physics (data centers have a lot of metal that reflects RFID signals), but these are solvable; the main issue seems (as always) to be process change and human factors.  Also, it is hard to prove an ROI in advance, because you don't know just how bad your current state is; once the technology is in place, it pays for itself almost instantly.  Anyone interested in more on this, let me know and I'll put you in touch with the speakers.