A reader recently contacted MyBroadband to ask about security software Standard Bank’s website had advised him to download.
He was prompted to use IBM Trusteer software, but when he downloaded and tested it in Chrome, Firefox, and Internet Explorer, it showed Standard Bank’s online banking portal -onlinebanking.standardbank.co.za – as “unprotected”.
Standard Bank’s normal website – standardbank.co.za – was shown as protected, however.
“Even if I click on protect, nothing happens. Why does Trusteer protect a homepage, and when it comes to confidential information nothing is protected?” he asked.
The software in question is IBM Trusteer Rapport, which is aimed at protecting login credentials online by hiding them from malware from bad actors.
Installing the software
Following the feedback from the reader, MyBroadband tested the Trusteer software in question.
Once you log into your Standard Bank online banking account, you will notice an option to “Download security software” at the bottom right of the page, with a lock icon next to it.
Clicking on this brings up the option to download “security software”, and is accompanied by a warning from Standard Bank that it cannot be held liable for any losses related to the use of “Digital Banking”. Click the image below to read the warning.
After you select the download option, you will receive the installation file. For our test we used an Apple MacBook Pro running Chrome, and downloaded a “Rapport.dmg” file.
When you install the Trusteer Rapport software, you are given an explanation as to what it does and how it protects you.
It specifically states that its icon will be green when “Rapport is protecting your communication with the website”.
It shows an example of the icon when it is green, and then when it is grey. A grey icon means your communication with the site is not protected.
The notice also states that Trusteer is preconfigured to protect certain websites which work with it to give users the “best protection possible”.
After we installed the Trusteer Rapport software, we enabled the browser extension which was used in the example provided above.
We then navigated to standardbank.co.za with the extension active and were told the site was protected. This is shown in the image below.
However, when we navigated to the online banking page – onlinebanking.standardbank.co.za – and logged into our account, the Trusteer icon turned grey.
We clicked on the icon and it stated that “The site is unprotected”. The warning then states “Protect this site to secure your personal information”, but clicking on the Protect Site button did not change anything.
We discontinued the service
MyBroadband contacted Standard Bank about the matter, and received comment from the bank.
“The Trusteer Rapport protection is a service no longer offered,” said Standard Bank.
“We made a decision to discontinue the capability about two years ago. This was based on the logistics of getting customers to download it, particularly if they were based in corporate companies who had policies preventing customers from downloading to their devices.”
The bank said it has invested in “other technologies which are less intrusive to customers”.
“We do, however, offer Trusteer Malware for remediation.”
It added that certain customers may still have Rapport on their machines, but as it has discontinued the service both the sites “should be grey”.
Standard Bank was asked why it still offered the option to download the Trusteer Rapport software from its online banking site, but the company did not provide a response.