Fundtech hosted its annual Insights user conference last week in Miami, and I spent most of the week there meeting people who had interesting news from all over the financial world. One of them was a gentleman from Trusteer, a company that’s become increasingly well-known in the industry for its anti-fraud software that helps banks protect their customers from phishing scams, keyloggers and other malware that can compromise their account information.
It’s been fascinating to witness certain financial institutions’ approach toward cybercrime change over the past few years, from a defensive posture to a more proactive/preventative one. Once upon a time, banks did what they could to lock down their own systems and servers, and it was up to the customer to make sure his or her own end was secure. And with millions of customers “out in the wild” doing whatever they pleased on the Internet, the idea of managing such an unmanageable situation probably seemed like a longshot, to put it mildly.
Today, though, we’re seeing banks make software like Trusteer’s available for free to their online banking customers, trying to head off stolen passwords and account numbers before they happen. This is more or less a reflection of a mentality that I’ve seen take hold all over the business world in the past few years, not just banking: Identity theft and cybercrime are a fact of life now, not random unlucky incidents – so by God, if you don’t acknowledge that and do something about it proactively, you’ve got no one but yourself to blame. It’s also an encouraging sign to see banks (and others) step out with some optimism that they can, in fact, do more to stop fraud than hunker down and guard their own servers.
Is it the bank’s responsibility to make sure John Q. Public is smart about which sites he visits, and keeps his AV protection up to date? Probably not. But with the average loss from stolen information weighing in at a hefty $3,300, according to a study this year by Javelin Research, it’s probably in the banks’ best interest to prevent these incidents no matter whose fault they are, since they’re inevitably the ones who have to deal with the fallout anyway. I’m not sure how much Trusteer’s software costs for a bank to deploy (they didn’t say), but I’m willing to bet someone did the math, figured out that paying a small amount per user is preferable to spending a large amount cleaning up after the X incidents of fraud that would be averted, and decided to go with the former.
While we were on the subject, we got talking about how this is a little like what we’re trying to accomplish with our own Digital Check Advisor software, which lets a bank monitor, among other things, the physical location and IP address of a scanner being used to deposit checks, and flag the deposit if either have changed. To be sure, it’s a totally different technology for a totally different problem, but we’ve also seen an increasing number of clients asking about it lately. The obvious conclusion is that the banking world is understanding that stolen information is one situation where an ounce of prevention is worth well more than a pound of cure.