Products that give institutions alerts about Web downtime before consumers complain about the problems themselves can thwart customer irritation and loss an industry where trust and service is critical, a bank can't afford to receive word that their Web site is down from frustrated consumers. The chances are too great that Web savvy customers will quit the screen-based, data rich channel, or even defect to a competitor.
This is particularly true of customers who get used to having 100-percent availability of 'Net access to their accounts and other functions. Even the best continuity benchmark-the "five nines," or 99.999 percent uptime-for maintaining Web-based applications equates to over five minutes of downtime per year, which wouldn't be so bad if the assertion was actually proven more than it's claimed in service level agreements.
Because of the potential for customer loss if banks rely on those customers to alert the bank to Web site problems, institutions are turning to on-line application monitoring providers as first responders. Such firms act like attentive, Web-savvy, super loyal customers that constantly monitor and swiftly pass information on performance issues to the bank so real users that drive the P&L column don't have to.
The goal is to help a bank's internal IT staff get a jump at fixing any glitches immediately, so customers won't be the wiser. "As soon as there is a problem, the bank is made aware right away instead of waiting, you know, six hours and having one of the customers calling them and saying 'you know your application hasn't worked for a whole day?'" says Vadim Mazzo, CTO of Dotcom Monitor.
The firm monitors sites minute by minute, seven days a week and invokes pre-set escalation levels. "It depends on how the customer looks at that, but at banks there are usually many teams involved," Mazzo says. "We can escalate to a support team right away to take care of it, and include contacts with the bank's management."
Dotcom Monitor also provides performance reports that can notify banks if a particular application is responding weakly to certain user requests. The banks can then provide benchmarks for Dotcom Monitor to measure as it audits the on-line apps. For instance, if customer log-ins take longer than two seconds on average to complete, the firm will notify the bank and delineate the situation in statistical reports.
Owned by Plymouth, MN-based Dana Consulting, Dotcom Monitor has about 5,000 clients, of which, Mazza said, about one-third are financial institutions. The firm competes with Keynote Systems' Red Alert Performance Tracker, or "RAPT," which tests devices connected to the Internet every five minutes. Like Dotcom Monitor, RAPT also audits secure Web servers, domain name servers, mail servers, FTP servers and network gateways. The tool "triple verifies" that performance thresholds are breached before alerting clients.
Proponents say such tools are simply required. Whether it's due to periods of heavy traffic on the site, a network outage, a need to troubleshoot glitches, or an upgrade, the truth is that banks and customers will have to endure the occasional hiatus from Web access.
Site retooling recently stymied this reporter when trying to check on-line to ensure that an ATM deposit had been received when the bank's Web page wouldn't launch. Phone-based support staff vouched that the Web site trouble was part of a system upgrade, and assuaged fears that the account was in jeopardy.
Ensuring Web access and uptime is considered vital to continued on-line banking growth, particularly as threats of spyware and cyber-based fraud seem to proliferate. Providers like San Francisco-based MarkMonitor monitor the on-line names and domains of financial institutions to protect them from brand hijacking, phishing or site defacing. The Financial Services Technology Consortium, a group of large U.S. banks focused on IT issues, has partnered with the firm in combating phishing.
According to Mazza, application monitors can more quickly point to potential causes of performance issues, whether they're malicious or not, through trace routing and other statistical analysis among Internet backbone providers.
"If the user calls and says that they cannot access the site, they can figure out if it's a network problem or if there's something wrong with a user computer," he explains. "We monitor from nine locations around the world and each location is positioned to a different backbone. So sometimes if banks place their applications in a call center, we have kind of a dashboard, and it shows them whether their site is up and running or down from those locations."
Mazza says his firm and those like it are performance auditors, not traditional security firms. "A typical bank request will be 'give me performance data by hour over the last three months,'" he says. "By looking at that report, they should be able to say 'well, by 6:00 p.m. Central [Standard] Time the response rate of my Web site is 50 percent longer than during other hours. Then they can figure out why. Perhaps they were updating the site or everyone was coming home from work to check their account balance. Based on that information they can add more servers to increase capacity if need be."
