While everyone wants better online banking security, the business case for most solutions is elusive. Even the simple step of adding an password in front of sensitive transactions can cost millions in customer service, enrollment procedures, employee training, and other soft costs.
So financial institutions, especially in the U.S., have taken a pragmatic approach to security, adding behind-the-scenes monitoring and making it difficult to transfer large amounts of cash out of the bank, rather than incur the expense of more robust login security. Banks have been especially reluctant to get involved in the security of the customer’s desktop due to the potential tech support costs and liability issues.
That’s what makes ING Direct’s new solution especially novel. The large U.S. direct bank, which has pioneered several security procedures, including multi-factor login and PINpad data entry, will offer a downloadable 400k plugin that creates a “secure tunnel” from the user’s computer to the bank (more analysis from Gartner’s Avivah Litan here).
According to the software provider, Israel-based Trusteer, even if the user’s computer is infected with malware, the company’s Rapport software defeats all attempts to view, capture, or take over the transaction. It also encrypts keyboard entry without impacting the speed of the interaction with the bank. If it works as billed, it could be a boon for online banking security.
The optional plug-in is expected to be made available to the direct bank’s 14 million customers worldwide, including 6.5 million in the U.S. The software is already in use by U.S. brokerage Muriel Siebert & Co. which mentions it in the What’s New section of its homepage (see screenshot below; read more here).
Cost
The software is now available here. It is free-of-charge to communicate with ING Direct and three other websites. Users will likely have the option to purchase a premium version that communicates with a larger number of websites.
This so-called freemium business model should help minimize the cost of the software to the financial institution. But the bigger cost issue for the bank is the customer service expense. ING Direct, which has famously kept customer-service costs down by focusing on serving only profitable customers, likely will offload as much of the tech-support burden as possible to Trusteer. But there’s no such thing as zero impact. So it will be interesting to see if they can make the ROI work across 6.5 million customers, many of whom haven’t a clue about safe computing basics.
A competing system, Safe Central from Authentium, was showcased at our Finovate Startup conference in April. The full-length demo of the program will be available here within a few days.