THE MAGAZINE

Banks Beef Up End-Users' Security

By John Wagley
 
Organized criminals have grown more and more aggressive and technologically sophisticated in the past few years, according to law enforcement and other experts. As a result, they are reaping ever-increasing profits from banking fraud.
 
In response, financial institutions have enhanced their defenses. In one trend, banks are providing customers with low-cost or free security to address the vulnerabilities on their side.
 
Utah-based Zions Bank, for example, decided to start providing a free browser security solution to customers. The bank went with a solution called Rapport, from the vendor Trusteer, one of just a few companies offering this type of browser security and the current market leader. The bank liked that the technology appeared to complement many existing antivirus products, says Matt Wilcox, the bank’s interactive department manager.
 
Trusteer’s Rapport product encrypts data as it travels from the end-user’s computer keyboards to Web sites, helping protect against threats such as keyloggers. Data from a keyboard is protected before it can be intercepted by most malicious programs, according to the vendor.
 
Trusteer also protects browsers from malicious code injection. The latter can steal data in many ways, including by altering Web pages to ask customers for additional sensitive account information, which can then be secretly sent to a remote server. Rapport can protect users from threats that antimalware solutions might miss, according to the vendor, including newly released malware.
 
Banks can describe the Trusteer software on their Web sites and provide a link that customers can use to download the product.
 
One way Trusteer differs from many other bank security solutions is its visibility, says Wilcox. Along with helping secure transactions, he says he hopes it “sends a message” to customers that Zions is committed to account security. That message might even potentially deter at least a few would-be cyber thieves he says.
 
Zions also likes that Rapport takes few computer resources and requires relatively little work by end-users in areas such as configuration and updating.
 
Implementing the product and making it available on Zions’ site was handled mainly by Trusteer, says Wilcox. Trusteer, in fact, has handled much of the product’s technological “heavy lifting,” he says, including issues such as handling product updates as well as fielding customer questions and concerns.
 
The most time-consuming part of the rollout for Zions has been marketing and staff education and training, he says. Soon after introducing Trusteer, Zions found itself receiving more questions about the products than the bank had prepared for, he says. A large share of questions seemed to come from customers in bank branches, he says. Zions rapidly initiated new training for all branch staff.
 
When speaking with customers, staff were asked to emphasize certain points, including how the product required relatively little maintenance, could be turned on and off with relative ease, and could protect users during e-mail, online purchasing, and other sensitive transactions. The bank has also provided branches with a brochure that is now “fairly well developed,” says Wilcox.
 
While touting the benefits of Trusteer, staff were also taught to emphasize that the software could not guarantee security, says Wilcox, a point that is highlighted on Zions’ Web site as well. Staff suggested that customers continue to use and update their personal computer’s security, such as antivirus products, because no single product can fully guarantee security.
 
Stressing this lack of a guarantee is important, because it helps to minimize the liability risk a bank incurs when it gets involved in helping the customer with security, according to a Gartner Research report. Until recently, many banks decided against offering end-user solutions due partly to such concerns, according to report author and Gartner vice president Avivah Litan. However, banks have been offering such solutions more often as threats have grown and as new products such as Trusteer have made providing help easier, according to Gartner.
 
Zions is just one bank trying Trusteer’s products. The Gartner report discussed generally the results banks were seeing. It stated that Trusteer has been effectively thwarting malware attacks, according to at least a few of the banks interviewed.
No one is resting easy, however. Hackers have consistently demonstrated their ability to successfully defeat new online security and authentication methods, the report states, even if just temporarily.
 

The use of Trusteer should be viewed as just one component in a far broader, multi-tiered online banking security strategy, according to the report. Banks should continue to take maximum advantage of back-end antifraud software and other security solutions.

 

Comments

 

The Magazine — Past Issues

 




Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.