PSECU Offers Members New Web Site 'Vault'
It's called Rapport, and it's a free browser add-on that its developers say silently protects personal information from fraudsters by taking a new tack toward what many experts contend now is the most common kind of online identity theft and cyberfraud-browser-based attacks.
"Our entire approach is different," said Mickey Boodaei, CEO of Trusteer, an Israeli and New York company he said is led by former executives from Cyota/RSA Security, Imperva and NetScreen/Juniper.
"The basic thrust typically is to find the malware and then remove it, so you're basically acting as a filter either for Web sites that are known to be phishing sites or distributing malware, or they filter for known Trojans and viruses and other malware files that are on your computer," Boodaei said.
"Our approach is different," he said. "Instead of trying to look for malware and removing it, we look for data, for information that users are exchanging with banks and credit unions. We then basically create a vault around it that shields that information and prevents any access to it."
That appealed to Pennsylvania State Employees Credit Union.
"Our main concern here was that information between our members' computers and ours is protected," said Eric Leighow, director of IT enterprise operations at $3.4 billion PSECU (www.psecu.com) in Harrisburg, Pa.
"We wanted to do something where we reached out and offered an additional layer. Obviously, this doesn't replace any existing malware protections," he said.
"Protecting members when they conduct business online with us and reducing fraud are two key concerns we wanted to address," Leighow said.
"The Rapport product is very easy to install, even for novice computer users, and has virtually no impact on system performance or the member's user experience with our Web site," he said.
"Most important, it prevents personal information from being stolen in a way that complements existing security and antivirus software present on the machine," he said.
It does that without having to be updated with new virus definitions or other malware signatures or interfering with ongoing transactions. "We block it; we don't interfere with authenticated access," Boodaei said.
"Rapport doesn't need to learn," Boodaei said. "As soon as someone tries to access information they shouldn't, it will block that and report it back to Trusteer for analysis by our security and fraud experts.
"Not only are we capable of tracking threats on personal information, but we can also identify the threat-whether it's some kind of new Trojan or man-in-the-middle attack-and provide that information to the banks and credit unions that work with us, as well as with the other antivirus vendors," he said.
Of course, the Rapport solution's success at PSECU depends on getting members to use it, an effort that Leighow said began with a link on the Web site and now is evolving as an e-commerce push.
"They have to actually access the software from the Trusteer site and install it on their local machine," he said. "We tell them how to do it, and we tell them why.
"We tell them how important it is to take that next step in protecting your online banking information, how even when our side is completely secure, something on their side could be capturing their information, and how this can help prevent something bad from happening," he said.
"You never know what the next Trojan or some kind of other attack will be," Leighow said. "It's difficult to pin down ROI, for instance, when you put together the business piece of something like this.
"I guess the real driving factor for us is just offering another option to our members to protect their transactions and information with us. That's really the main driver in our business case," the PSECU manager said.
Tim Snyder, the credit union's administrator of information security, added, "We're filling that little gap we need to in order to push out a fully secure channel, as much as we can offer in the market today."