For years, banks have been giving their customers advice on how to keep their computers malware-free. Many institutions have offered cut-rate antivirus (AV) products on their Web sites to encourage customers to use them.
But this summer one bank, Netherlands-based ING, took a new tack. It started offering its U.S. customers a suite of solutions for free. What’s more, the products contain behavior-based technology, which contrasts with most signature-based AV and antispyware products.
The bank thought protecting customers was important enough to provide the software without charge, says Robert Weaver, head of IT security at ING Direct USA.
On the bank’s site, consumers are given the option of downloading the small (400KB) product to their computers before any transactions. The software, called “Rapport” is from a small IT-security vendor called Trusteer. Rapport provides three layers of security. Part of the solution blocks operating system-level application activity that behaves differently from most ordinary programs, thereby preventing malware from running. Another Rapport feature is specifically aimed at keylogging. Keystrokes are encrypted at the driver level and remain secure until they reach the bank’s site.
Rapport also aims to fight phishing. The software validates ING’s Internet Protocol address as well as its Secure Sockets Layer (SSL) certification. Users are prevented from entering information into bogus Web sites.
One main reason banks haven’t provided free products until now is that they don’t want the headaches associated with being responsible for the software, says Gartner analyst Avivah Litan. This was a concern at ING. “We wondered if our helpdesk might be swarmed,” says Weaver.
Because of this concern, he says, the bank began offering the software with little advertising. But, so far, consumers aren’t calling the bank with many product-related questions.
Weaver likens the bank’s giving away the product to someone obtaining security software at a major chain retailer. In most cases, customers with questions will go to the software vendor first, he says.
Even with the quiet roll out, the product has been received “pretty well,” he says. Downloads have been increasing week by week.
ING’s move could also be another indicator of a growing sentiment in the IT security industry: that traditional signature-based products aren’t what they once were. Even the best AV and antispyware products have less than a 50 percent chance of catching new threats, says Litan.
Litan notes that Trusteer, founded in 2006, hasn’t yet established itself in the IT-security industry. But she says that if the ING-Trusteer partnership succeeds, other banks will almost certainly follow suit.