Security has been a concern as long as online banking has been available, and financial companies have put plenty of effort into both making their systems safe and making sure customers know their Web sites can be trusted.
But banks' security strategies have generally focused on their own systems, in part because they are reluctant to tell customers what to do with their computers. One main concern is that distributing specific products to consumers could invite customer-service headaches if anyone asks the bank for help in resolving difficulties with a vendor's product.
But ING Bank FSB has decided it wants to go beyond the multiple security applications it uses to spot fraud when people log in and initiate transactions; it is now actively encouraging customers to beef up security on their end of the transaction — and is even providing the software to do so.
"There are small gaps in what everybody's doing today," Robert Weaver, ING Bank's head of IT security, said in an interview. "There's only so much we can do on the server side to prevent fraud."
To try and close those gaps, the U.S. unit of ING Group NV in the Netherlands said Friday that it is now distributing software from Trusteer Ltd., of Tel Aviv. Trusteer's Rapport software creates an encrypted communication channel between a user's computer and the bank's Web site, and blocks outside applications — such as keyloggers — from gaining access to data in the channel.
It also protects consumers from visiting phishing Web sites by verifying that the server at the other end of the channel is one that is known to belong to the bank.
The vendor said its software does not slow down communication. Trusteer's software is free but optional to ING customers.
ING is also using Rapport's presence on a computer as part of its risk evaluation, he said, and might eventually require people to have the software to initiate some kinds of high-risk transactions.
Mickey Boodaei, Trusteer's chief executive, described his software as set-it-and-forget-it.
"It's kind of always-on but, in a sense, inactive" until the user tries to bank online, he said. "Once the user goes into ING Direct, then additional layers of security become active and protect the session, basically building the secure pipe for the session."
When the software is installed, it can protect communication with any other companies' Web sites but works best with sites operated by Trusteer clients.
Most banks encourage customers to protect their computers, by using anti-virus software, for example, but only a handful of companies have taken the extra step of distributing software to people. Muriel Siebert & Co. Inc., a New York brokerage, is also using Rapport.
Scottrade Inc. and Barclays Bank PLC have distributed commercial anti-virus software to their customers. And TD Ameritrade Inc. has offered software from WholeSecurity Inc., a unit of Symantec Corp. in Cupertino, Calif., that scans for and blocks malicious software as customers log in.
Avivah Litan, a vice president and research director at the market research company Gartner Inc., said ING is taking "a pioneering step, and if it works well for ING Direct, I think many more banks will take the same step."
Financial companies have been reluctant to distribute software, she said, because customers are likely to call their bank first if they have any difficulty installing or using it. Not only are the banks often unable to answer technical questions, these calls drive up their customer service expenses.
Ms. Litan said that ING's decision could indicate that its potential losses to fraud are higher than the costs associated with supporting the Trusteer application. She also noted that ING's fraud risk may have risen since it introduced an online checking account last year that made it easier to move money out of ING accounts.
"They need this kind of extra protection because they've introduced these new checking account features," she said.
Consumers "actually really value" security improvements such as this, she said. In a survey of 4,500 online U.S. consumers at the end of last year, Ms. Litan found 53% saying extra security was "extremely important" when choosing to bank online; another 23% said it was "very important."
Rapport's anti-phishing element is important because, banks efforts are "not stopping customers from falling for phishing attacks," she said.
"All eyes in the financial services industry are going to be on this implementation," she said.
