Online banking, for all its speed, convenience and accessibility, can be risky. The number of malware variants probing weaknesses in banking systems reaches 100 million a day, according to some estimates.
Still, those running IT departments in the banking industry say online services can be close to 100 percent safe with layered security. One increasingly popular layer is Rapport -- a light-weight security software tool made by Trusteer, a Boston-based browser security vendor.
Rapport, launched in 2008, "locks down customer browsers and creates a tunnel for safe communication with the online website (and) prevents phishing via website authentication to ensure that account credentials are passed to genuine sources only," according to the company.
In the words of security blogger Brian Krebs of KrebsonSecurity, who reviewed the product on its launch in 2008, "the software works by assuming control over the application programming interfaces or APIs in Windows."
When data-stealing malware tries to hijack the APIs, Rapport, "examines these and other vital Windows APIs to see if any other process is trying to intercept sensitive data. It then blocks those that do."
As Trusteer Vice President of Marketing Yishay Yovel puts it, "It isolates the browser. (The malware) can't inject anything."
In other words, it seeks to block infections, instead of discovering them after they have occurred.
The tool is effective enough to have a customer base now of nearly 200 banks representing tens of millions of accounts, including behemoths like Bank of America.
John Catan, senior vice president and MIS of BankFIRST of Florida, says he began using Rapport about two years ago. BankFIRST has about $700 million in assets and 17,000 customers -- about half of them using online services.
"When I first started reading about Zeus Trojans, I just stopped doing online transactions," he says. "But I immediately started looking for a solution. I was doing due diligence for a while, and only one addressed it the way Trusteer did -- I wanted something more proactive, that would prevent fraud before it occurred."
Catan says he downloaded it and started using it himself before bringing it into the bank system.
"If you're not protected, you can really have problems," he says, adding that Rapport is offered free to account holders. "It's just good customer service," he says. It can be used to protect transactions with other websites as well.
Yovel says the software "runs in the background" and is updated regularly -- sometimes twice a week, to counter the constantly evolving threats. "Since it is all connected to a cloud infrastructure, our customers (banks) and the end users don't even see it," he says.
Krebs, in an updated review of Rapport last year, said it, "certainly raises the bar for malware writers, and forces them to deploy Rapport-specific attacks to plant malicious software on a user's PC."
He said he thinks Rapport, "would be a decent, low-impact addition to the security of any PC user banking online with Windows," but said he was "a bit on the fence about recommending this for businesses," because of possible litigation over who is at fault if online banking credentials are stolen.
Catan says he understands that "no solution is 100 percent effective 100 percent of the time. That's why we recommend a layered security approach to our customers." Yovel says no bank is guaranteeing 100 percent security, just a vast improvement.
"If your bank says it has something that will protect you -- take it," he says.
Read more about data privacy in CSOonline's Data Privacy section.