NatWest's 'Rapport' software - should I install it?

For a few months now, NatWest have been suggesting I install their 'Rapport' software (made be Trusteer). Trusteer's site says:

http://consumers.trusteer.com/learn

Whilst NatWest's blurb is:

http://www.natwest.com/commercial/security-centre/rapport.ashx

They claim that this is to be used in addition to Antivirus, Firewall, Antispyware etc, and that it creates a 'secure pipe' :huh: between your browser and their banking site.

Potentially, it can be configured to 'protect' many other sites you log into. However, Googling suggests that the software it is not without reported problems. I'm already fully protected against the above with uptodate antivirus/spyware, firewall, anti-phishinging etc, daily/weekly scans, I don't get taken in by junk phishing emails either, and am cautious about cluttering up my PCs with yet more intrusive software.

But I'm also cautious of banks who, in the event of a 'security breach' may use a customer's declination of such software as some kind of implicit negligence/get-out clause. It's not stated as costing anything (yet) but who knows their future intentions.

What do you think - install or ignore the invitations?
«1345678

Comments

  • davester
    davester Posts: 4,079
    First Anniversary Combo Breaker
    Forumite
    if in doubt don't and call Natwest or go to a branch to enquire. They sould beable to provide the exact website needed so that you not fall prey to a fake site.
    Survey earnings total 2009 £417, 2010 £875, 2011 £574
  • INT1
    INT1 Posts: 1,257
    First Anniversary Combo Breaker
    Forumite
    I think the more people that download it, Natwest will getmore of a case together to start either:
    Charging for that service which is v unlikely as that will put people off using online service which in the long run saves them money as takes the pressure off paying for someone to be in a branch dealing with your queries.
    As you mention use the your decision to decline using that service as a get clause for holding customers liable for transactions unathorised on your bank account.

    I believe if you can prove that you have good Quality internet security installed you don't have to worry about that.

    Also for other info I believe some banks have a 2/3 strike rule ;)
  • System
    System Posts: 178,076
    Photogenic Name Dropper First Post
    Community Admin
    I originally had that installed. However after a while I noticed that when a browser was open my machine was sluggish. When I checked in task manger I found that Rapport was taking a rather high percentage of CPU time (around 35% when a browser was open0.

    Uninstalled said software and now back to normal. I'm happy that I have sufficient security in place not to need this piece of rubbish
  • timbim_2
    timbim_2 Posts: 1,292
    Combo Breaker First Post
    Forumite
    As long as you connect to the site using https, then the browser achieves the same result as the Natwest software. I can't see the point in it.
    Ubuntu is an ancient African word, meaning: 'I can't configure Debian'.
  • Roy1234
    Roy1234 Posts: 169
    Name Dropper First Post First Anniversary Combo Breaker
    Forumite
    Thanks for the replies.

    !!!!!!'s comment was particularly relevant, yet another anti-whatever package on top of all the rest of the baggage a Windows PC must carry, is rather counter-intuitive. The idea of potentially all logins (not just NatWest) going via yet another bespoke piece of software, makes me shudder.

    It's curious that NatWest (RBS) are taking this approach. You can't login without both certain PIN & certain password characters (they always ask for different ones). A few wrong login attempts would soon 'lockup' your online access, I'm sure.

    Even once in, all NW online users would need a 'card reader' (issued over a year ago) plus your bank card, plus your card PIN, to create the third party payee essential to drain out funds fraudulently. It seems pretty unlikely any online scam artist could bypass that little lot, and so it's not surprising that other banks lacking such precautions are the ones we repeatedly hear of being targetted.

    A workmate's joint account (Abbey, I think) was emptied, he's almost certain that his non-techie wife responded to a phishing email at the time (although she denies this) and the said bank then had no further precautions to stop third party payees being created.

    They asked him some challenging questions (including 'what Windows service pack are you on'?!) but he stood his ground and got his money back a month later. The trouble for the banks is that online banking has saved them a fortune via the branch closures they've been able to roll out off the back of it, and so the idea that a customer could lose everything (albeit via their own gross stupidity) is one they don't want to become known/believed.
  • The use of SSL/TLS is not the same as using Rapport. https only secures the link between your PC and the bank. If you have malware on your PC it can still record your id and password and can still submit transactions against your account in the background. Rapport is intended to prevent this. I would guess from reports that Kaspersky flags it as a keylogger that it's using keylogger-style hooks to block keyloggers.

    It may be worth having. If you Google it you'll find most banks are offering it. I'm still thinking about it.
  • redux
    redux Posts: 22,976
    Name Dropper First Anniversary First Post
    Forumite
    I'm sceptical. Much of Trusteer Rapport's publicity is built on quoting tests by a small body (OITC, which stands for Okie Island Trading Company) that rather differs in both methodology and results from most more recognised anti-virus surveys, and which happens to have an interest as a reseller.

    And the product seems rather poor at dealing with false positives, i.e programs which have a legitimate reason to access the various subroutine processes it monitors.

    Ask the bank for copies of tests by their own security experts ...

    The forum search here works, and there are several threads
  • Roy1234
    Roy1234 Posts: 169
    Name Dropper First Post First Anniversary Combo Breaker
    Forumite
    It may be worth having. If you Google it you'll find most banks are offering it.

    We all know that filling up your PC with multiple antivirus/antispyware/privacy programs is a good way to slow it to a crawl, if not cause conflict issues too. For that reason, most of us opt for one or two trusted packages and stick with them.

    What bothers me is that Rapport may be offering up a get-out for the banks, in the event of a security breach. Whilst rarely if ever can such a breach be proven (at least from the customer's end of things) to be down to a specific cause, now they may be able to offer the 'Well, you did decline our security software, Sir.' response. Witness the post Chip & PIN fiascos in which customers suffering card fraud were told that the onus was now on them to prove abuse, as their new system was now proof against all fraud (except, er, a thief who peeks at you keying your PIN before lifting your wallet).

    I'm not satisfied with the lack of detail about what Rapport actually does, beyond banal reassurances. And also, knowing our fine banking industry, it isn't clear whether this year's freebie will become next year's chargeable service.

    I haven't succumbed to their offer of this software yet. Does anyone know exactly how it works, and how it might affect your other on-line usage? If it's just a glorified way of preventing a bogus login address link buried within a phishing email from working, I'm not too bothered about that risk.
  • superscaper
    superscaper Posts: 13,369
    First Anniversary Combo Breaker First Post
    Forumite
    edited 15 November 2009 at 12:55PM
    Roy1234 wrote: »
    I haven't succumbed to their offer of this software yet. Does anyone know exactly how it works, and how it might affect your other on-line usage? If it's just a glorified way of preventing a bogus login address link buried within a phishing email from working, I'm not too bothered about that risk.

    As far as I can tell it actively prevents login details on specified websites (e.g. your bank) from being logged/copied. So even if your pc was compromised within that specified circumstance of bank login page no keylogger would be able to record the login details. Quite a different approach to other security software and why it's ancilliary to it rather than replacing it. If it works as they say it does then I think it's quite a cool concept. Rather than being a malware detector it locks down the browser and communication from you to the browser. Kind of almost an internal firewall if you will.
    "She is quite the oddball. Did you notice how she didn't even get excited when she saw this original ZX-81?"
    Moss
  • Roy1234
    Roy1234 Posts: 169
    Name Dropper First Post First Anniversary Combo Breaker
    Forumite
    As far as I can tell it actively prevents login details on specified websites (e.g. your bank) from being logged/copied.

    Interesting. Does it follow from your description that it will work with all browsers (I use Firefox/Google Chrome mostly) and will not mess up other logins or web usage? And I guess, if what you are saying is true, there are no privacy issues here either?
This discussion has been closed.
Meet your Ambassadors

Categories

  • All Categories
  • 342.2K Banking & Borrowing
  • 249.8K Reduce Debt & Boost Income
  • 449.3K Spending & Discounts
  • 234.4K Work, Benefits & Business
  • 606.7K Mortgages, Homes & Bills
  • 172.7K Life & Family
  • 247.2K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 15.8K Discuss & Feedback
  • 15.1K Coronavirus Support Boards