ING Direct's New Security Software


ING Direct has started offering a free download of a new type of security software called Rapport. The software is from a company called Trusteer, and it claims the software will protect your web browser sessions with ING Direct and other online banking, brokerage and retail websites. According to Trusteer, the software goes beyond the protection offered by anti-virus programs, anti-spyware and firewalls.

Brian at the Washington Post Computer Security blog describes more of the details of this new software. One issue mentioned is that it's rare for banks to get involved in consumer desktops. The worry is that it'll create a lot of support calls. Brian tried this new software yesterday and applied a keylogger testing suite to see how well it worked. It passed, but only after he rebooted.

The issue with any security software is that it's only a matter of time before hackers find a way to break it. There will always be an arms race between the security software companies and the hackers. However, I do appreciate improvements in online security. If it's simple to use and it adds another layer of protection, I don't see any downsides.

One important note is that banks are required by the Federal Electronic Funds Transfer Act to correct unauthorized transactions if you notify the bank within 60 days of the account statement on which the transaction appears (see FDIC article). So ING Direct should still cover your losses for unauthorized activity whether or not a customer uses this new software if notification is done in time.

ING Direct has done a good job in my opinion in making improvements. This security download is one more. Some other recent improvements (some might not be too new) include the ability to link checking accounts with trial deposits without requiring you to mail a voided check and the ability to create a "Saver ID" to replace the customer number when you log in. One online banking feature that I'm surprised ING Direct still doesn't provide is a secure message system that allows you to securely email customer service while you're logged into your account. You have to call if you want to ask or resolve account specific issues. Fortunately, ING Direct's customer service is top notch, so calling hasn't been an issue for me.

Comment #1
Having seen praises of ING's security system and customer service, I must register a strong disagreement. Writing about all the bad experiences I have had with them will require too long a letter, so I will highlight one or two. By the way, I have been their customer for very long (with one cent balance for a few years now), so I have run into their follies that many of your readers may not have.

Here is one incident to ponder. My daughter had an account with them which she had closed. Maybe about two years later, having gotten married in the meantime, she tried to open another account with them. They refused to open the account because her name/address did not match their records (her maiden name and old address from the closed account), even though, by now, her credit reports and everything else reflected her new married status. They asked her to send a certified proof of her marriage. Well, so far, just irritating. But then, they sent a "security" letter to her old address, with sensitive personal information included in the letter, saying someone was trying to open an account under her social security number. Fortunately, we, her parents, still happen to live at that address, and the letter did not get into the wrong hands. Otherwise, rather than "protecting" her from fraud, they might very well have helped someone steal her identity. Ditto for email--they sent an email to her old email address from the closed account, again with certain sensitive information, asking if she was aware that someone was trying to open an account in her name. What if that email address, by now, had been reassigned to someone else?

I wrote to their ombudsman about my concerns with their security problems--with no response or action whatsoever to the best of my knowledge. I tried talking to their representatives about this and several other issues--never getting any satisfactory answer.

The reason I keep my account open with them (with 1 cent balance) is if they offer a great deal 20 years from now--I don't want them to refuse to open my account because I may have moved by then (or may change my name legally for any reason). They seem to believe that what is in their records--no matter how old--must be correct, and the burden of proof is on the client to prove otherwise. And, they think sending a letter to an old address is somehow helpful in protecting their client.

Comment #2 by O-Qua Tangin Wann
ING should concentrate on finding a way to raise its interest rates and keep its customers from defecting to banks that pay a higher rate than them, rather than worrying about getting people to download new computer security software.

I had over $100K in ING Direct's Electric Checking, until they dropped their rate too low, in my opinion.

So, I moved my money out (currently to Alliant CU and AARP Savings).

Security software will do no good to ING if people are not sticking around to log into ING Direct. (Oh, the irony!)

~O-Qua Tangin Wann

Comment #3 by Bruno Wassertile
ING stands for:

"I'm Not Going"

I'm not going to deposit my money with you, ING Direct, since your rates are way too low.

Bruno Wassertile

Comment #4
The thing that I don't understand is how they can pay 3.0% interest in the US but 6.0% interest in the UK (goto: Mortgage rates appear about the same. I guess it is all supply and demand.

Comment #5
It makes you wonder if their present log ins are secure or their system was compromised without telling us.

ING websites always pride themselves on how secure they are and now we need extra protection, from what?

I think this is a spyware program for ING to learn all our habits and the banks we deal with.

I will not install it, period!!!!

Comment #6
I agree with the poster of 8:01 AM, May 29, 2008.
I installed it and looked in the hidden files it created. All of the secure web site visits are stored in a scrambled format, probably the passwords too.

I became uncomfortable and removed it from my computer, good riddance.....

Comment #7
So far, the best bank security system I've seen is Bank of America's SafePass. You can set it up so that every time certain transactions are attempted (billpay, login, etc... you can configure which transactions are protected) you get a code sent to you via TXT. Enter that code in the B of A website and you're good to go.

It doesn't matter if you steal my password with a keylogger. My password is useless without my cellphone. This is way better than those password-generating tokens because I don't want to carry around 800 tokens. I've always got my cellphone, however.

Now that's security.

Comment #8
The previous two posters are right.

I tried the software on my laptop and created "Saver ID" to replace the customer number when you log in.

Then, I transferred the log file from my laptop to my desktop. Guess what, it worked, since all of my Saver IDs were transferred too.

Now imagine somebody stealing that file from your computer. This is no security at all, but a form to make diversion only.

I too removed it from my computers.

Comment #9
Trusteer's software has been disabled and defeated in testing. This is just marketing fluff for ING. The real danger is that other financial institutions will rush to join in this 'security theater' while all the time no one actually makes anything better (and risks making things worse through overconfidence).

Posted by: Al

Comment #10
"Trusteer also said the product may not work as described if users are not running as administrator, or if they have configured their browser to run in a limited user mode"

Huh? That's just insane. It would be like installing a burglar alarm for your house that requires leaving all the doors and windows unlocked!!!

Using a non-admin (limited user) account is one of the MOST important defenses you can use to protect your computer from malware.

Posted by: TJ

Comment #11
It looks like spyware to me.
No thanks