Rapport security tool increasingly popular in banking sector 4 years after launch

Online banking, for all its speed, convenience and accessibility, can be risky. The number of malware variants probing weaknesses in banking systems reaches 100 million a day, according to some estimates.

Still, those running IT departments in the banking industry say online services can be close to 100 percent safe with layered security. One increasingly popular layer is Rapport -- a lightweight security software tool made by Trusteer, a Boston-based browser security vendor.

Rapport, launched in 2008, "locks down customer browsers and creates a tunnel for safe communication with the online website (and) prevents phishing via website authentication to ensure that account credentials are passed to genuine sources only," according to the company.

In the words of security blogger Brian Krebs of KrebsOnSecurity, who reviewed the product at its launch in 2008, "the software works by assuming control over the application programming interfaces or APIs in Windows."

When data-stealing malware tries to hijack the APIs, Rapport "examines these and other vital Windows APIs to see if any other process is trying to intercept sensitive data. It then blocks those that do."

As Trusteer Vice President of Marketing Yishay Yovel puts it, "It isolates the browser. (The malware) can't inject anything."

In other words, it seeks to block infections, instead of discovering them after they have occurred.

The tool is effective enough to now have a customer base of nearly 200 banks representing tens of millions of accounts, including behemoths like Bank of America.

John Catan, senior vice president and MIS of BankFIRST of Florida, says he began using Rapport about two years ago. BankFIRST has about $700 million in assets and 17,000 customers -- about half of them using online services.

"When I first started reading about Zeus Trojans, I just stopped doing online transactions," he says. "But I immediately started looking for a solution. I was doing due diligence for a while, and only one addressed it the way Trusteer did -- I wanted something more proactive, that would prevent fraud before it occurred."

Catan says he downloaded it and started using it himself before bringing it into the bank system.

"If you're not protected, you can really have problems," he says, adding that Rapport is offered free to account holders. "It's just good customer service," he says. It can be used to protect transactions with other websites as well.

Yovel says the software "runs in the background" and is updated regularly -- sometimes twice a week, to counter the constantly evolving threats. "Since it is all connected to a cloud infrastructure, our customers (banks) and the end users don't even see it," he says.

Krebs, in an updated review of Rapport last year, said it "certainly raises the bar for malware writers, and forces them to deploy Rapport-specific attacks to plant malicious software on a user's PC."

He said he thinks Rapport "would be a decent, low-impact addition to the security of any PC user banking online with Windows," but said he was "a bit on the fence about recommending this for businesses," because of possible litigation over who is at fault if online banking credentials are stolen.

Catan says he understands that "no solution is 100 percent effective 100 percent of the time. That's why we recommend a layered security approach to our customers." Yovel says no bank is guaranteeing 100 percent security, just a vast improvement.

"If your bank says it has something that will protect you -- take it," he says.
