Is HSBC's security software more trouble than it's worth?
Posted on 20 Jul 2010 at 15:31
Davey Winder wonders whether HSBC's Trusteer Rapport software is worth the hassle
Most of us are concerned about the security of our online bank account login data. For example, reader Martin Cowen emailed me to point out that HSBC keeps hassling him to install Trusteer Rapport software to protect his login from ID thieves during online banking sessions, and asks “will the banks start to disown responsibility for fraud if I don’t install it? A quick Google search found many people saying that it slowed down their PC, couldn’t be uninstalled and affects logins to other websites.”
Let’s take a closer look at this matter, given that more than a million HSBC customers have already installed it (and I was one of them, albeit briefly!).
Will banks stop taking responsibility if it isn’t installed? Doubtful, in my opinion. I didn’t have any problems logging into other websites, but I did discover a couple of niggles: Rapport was always hovering near the top of my process list for resource usage, and it stopped all my screengrab utilities from working (not just on the HSBC site, but everywhere).
I eventually found a setting to disable the latter effect, but its resource greed forced me to apply that old value equation, “how much does this impact upon my system resources?” versus “how much does it improve my security?” I decided the benefit wasn’t enough to keep it installed.
System performance improved after I uninstalled it, and given my existing security software and safe usage strategies that have kept my logins safe so far, I don’t think I’m missing out on much.
The bank would now seem to agree, since it’s stopped bugging me with pop-ups to install the darn thing every time I connect, but what does bug me is that it now offers an option to remember my initial account login whenever I connect. I’d still need to pass date-of-birth and random password character challenges to continue, but it’s ironic that HSBC should on the one hand offer to strengthen security via a third-party app while on the other suggest login autofill, which will weaken security immeasurably. The online Help does remind users not to use autofill if they share a PC, but how many people read that before ticking this time-saving option?
How does autofill weaken security immeasurably? If you type in everything a keylogger will have it all. If you use a mix of autofill and keying then two types of virus will be required. Lloyds picked up on this fact years ago. So they employ autofill for the login name, password to be keyed, security question as drop downs.
By drummerbod on 20 Jul 2010
I installed it via Natwest for a couple of days -it was dire! It interfered with accessing other websites. It's a mini self-contained denial of service attack.
Merely making everything more difficult is not the same as making things secure.
By milliganp on 20 Jul 2010
How does autofill weaken security immeasurably?
If the PC is stolen.......?
By Lacrobat on 21 Jul 2010
All bank 'security' of ecent times is not designed to improve real account security, but to ensure that the blame for fraudulent access is placed upon the customer.
By having multiple layers of "protection" in place they can argue that it is impossible for anyone else to know them all, thus making certain that you are made financially responsible for lost funds or dodgy transactions.
By bubbles16 on 21 Jul 2010
I have never had a problem and have installed it on different OS and use different browsers. Some slow comps and not had any problems must problems can be fixed in the settings
Its not HSBC software and you can control what websites it works on
By patty on 21 Jul 2010
I've stopped using Rapport because it causes a bug in my Chrome Speed Dial extension. Trusteer, to their credit, have offered to remote control my PC so they can observe, and eventually fix, the bug but I've yet to take them up on their offer.
The other noticeable downside to this software is that it only works with stable releases of Chrome. I use the beta channel, and I'd like to see Rapport be compatible with this version of Chrome.
By pbryanw on 22 Jul 2010
I tested it and the running CPU percentage was 1-2%, when I logged into HSBC there as a transient leap to 10. I could not say that my system was slowed in anyway. Rapport only appears on my Windows Internet Explorer (v7) but not in Chrome or Opera (my default browser).
By seamusgriffin on 22 Jul 2010
I had this installed on the media PC in the lounge, it's not as powerful as my regular PC, but it's no lightweight either. I could not believe how slow the pc was and when I investigated, Rapport was to blame.
I uninstalled it and the difference is truly palpable.
Whilst I applaud the bank for trying to do something about fraud, (of which I have been a victim in the past) I rather think they should do more than attempt to just safeguard their position.
By Monst on 27 Jul 2010
We hope that many more people / businesses install Rapport as its is a PC killer and is the first thing we (IT support company) remove.
We have had so much work off the back off it!!
By Tezfair on 12 Aug 2010
Some logins can be affected
The performance issues might not be noticeable on modern PC's (dual cores etc, mine shows 2 to 3% on VISTA), but some logins can be affected (e.g. on Tesco credit card site, Rapport will block the Web Password alpha characters) after a recent update. At least the control console will allow sites to be removed until they fix their code. TD
By TD1947 on 13 Aug 2010
Dear forum members,
Firstly we would like to address Mr. Winder's points:
Rapport's anti-screen capturing mechanism only works when there is an open browser with a protected site in the background. If you minimize or close your browsers, it will not block any screen capturing attempts.
Regarding resources, Rapport's latest version introduces great improvements in this area.
Secondly, and regarding the last point, we would like to encourage anyone experiencing performance issues to contact us at firstname.lastname@example.org . Please be sure to verify your computer's spec complies with the minimum requirements:
You can also find our supported browsers in this link.
Thirdly, as you can see in the link above, we do support Google Chrome Beta versions.
Lastly, we strongly recommend contacting us for any issues regarding Rapport. Are support is free, we reply within a few hours at most and we also have live chat:
Happy new year to all,
Trusteer Technical Support Team
By TrusteerSupport on 22 Dec 2010
What is it doing
Bandwidth monitoring shows this program Downloads about 15 Meg and UPLOADS about 8Meg on every reboot of my PC
I have asked Trusteer why and still await their explanation meanwhile I have dumped it
By GORDW on 7 Jan 2011
HSBC Internet security
Lloyds solution of their Christmas Cracker quality 'card-reader' is no better. I cannot access our Lloyds accounts online any more. The card reader was dead-on-arrival and useless, meanwhile the old sign-in system has been shut down.
By TonyF12 on 7 Feb 2011
It broke System Restore!!
I stopped using it when I had to use System Restore on Windows, and it told me that the Rapport software meant I couldn't!
I gather that's been fixed now, but I'm not having software on my machine that is so poorly tested as to cause something as serious as that to happen.
It cost me several hours in re-installing software - never again. I have told HSBC it's not going near my PC again, and that's it - no second chances after you've wasted my time like that.
By jcswright on 13 Mar 2011
Re. "taking responsibility if it isn’t installed"
I was happy to read this statement from Nationwide regarding Rapport:
"At Nationwide, we take our Internet Banking security seriously. When using our Internet Banking service, providing you are using one of our supported browsers, you automatically benefit from our Internet Banking Promise.
We're so confident of our site's security that we take full responsibility for it: if you ever innocently suffer any fraud as a result of our Internet Banking service, we'll refund any money taken from your account. That's a promise."
By ndutton on 26 Jul 2011
I'm running Ubuntu, so don't have the "option" of installing this, but thought I'd share what the Bank of Nova Scotia says in the fine print at the bottom of the page encouraging you to add it to your system:
"Use of the software is governed by a license with Trusteer, which is available on that website. By downloading and installing the Rapport software, you agree to the terms of the license and to all of Trusteer’s terms and conditions, also found on the website. The Bank of Nova Scotia is not responsible for, nor guarantees, this software, other products or services of Trusteer, or the Trusteer website. "
Yah, that's a bank that stands behind this product!
By Appalbarry on 7 Sep 2011
Just say No!
I've had three days of sorting out problems with my Win7 installation. One culprit was Trusteer. On uninstalling it they sent me this:
Thank you for submitting feedback about Rapport.
We apologize for any inconvenience caused and would appreciate your cooperation in resolving this issue.
We would like to ask you to consider re-installing Rapport and see if the problem reoccurs.
You can download Rapport's latest version from the following link:
Once installed, please try manually checking for Rapport updates:
1. Open the Rapport console (Start > Programs > Trusteer Rapport > Rapport console)
2. Click “More settings”
3. Click “Check for updates”
4. The update status should appear on the bottom in blue letters
5. Restart your computer
Please wait 5 minutes after the computer has booted up, check if the issue recurs.
Should the problem persist, can you tell us the amount of CPU consumed and which Rapport process is consuming it? (RapportService or RapportMgmtService)
Are the resources consumed constantly or while performing any specific activity?
Did you have several browser windows or browser tabs open when you've observed the high CPU/memory consumption?
Could you please also send us a screen capture of your Task Manager window showing these numbers?
In order to take a screenshot, please follow these instructions:
1) When the Task Manager window is visible showing both Rapport's processes, click once on the "Print Screen" or "PrtSc" key (usually at the top of the keyboard)
2) Open Microsoft Word
3) Click on "Edit" at the top menu and choose "Paste"
4) Click on "File" at the top menu and choose "Save"
5) Give the file a name and choose a location to save it
6) Send us this file as an attachment
Lastly, can you please send us a problem report via Rapport's console immediately once the problem reproduces itself? It will send us Rapport logs from your PC which we can analyze.
In order to do that:
1) Open Rapport Console (Start > Programs > Trusteer Rapport > Rapport Console)
2) Click on "Report a problem" in the "Help and Support" widget
3) Fill in some identifying details (such as your email and the ticket ID) and send it to us
We will analyze the logs and get back to you with our investigation results.
Thank you for your cooperation.
They are now wanting people to act as unpaid off site testers for them.
I told them No.
By wiresax on 24 Nov 2011
Blue screen of death after Rapport update
An update to Trusteer Rapport is causing machines to become unbootable. I've seen this in 3 PCs over several months. The machines fail on boot-up with a Blue Screen of Death (stack buffer overflow), due to the file c:/program files/trusteer/rapport/bin/rapportei.sys
The problem can be resolved by renaming this file to anything else. Trusteer was alerted to this over a month ago, but they are continuing to push out the same update.
By kelat on 20 Dec 2011
Davey is a contributing editor to PC Pro, having covered the internet as a topic since the magazine started in 1994. Since that time he's won numerous awards for his journalism, but remains a small-business consultant specialising in privacy, security and usability issues.
- How to fix Facebook: Social Fixer
- Taking the stress out of WordPress updates
- Where to download free web fonts
- Turn your tablet into a Sky+ remote control
- How to measure the success of a new IT system
- Three years on: the state of the tablet market
- Windows 8: what works and what doesn't
- Yes, I write down my passwords
- How to make money from apps
- Hack your own radio transmitter
- Hands on with the new Google Maps
- Nokia Lumia 925 review: first look
- Why I won't subscribe to Creative Cloud
- GoPro camera strapped to a remote-control helicopter: the ultimate boy's toy
- Acer Iconia A1 review: first look
- Acer Aspire P3 review: first look
- Acer Aspire R7 review: first look
- How we produce the PC Pro podcast
- Google Now draining iPhone battery
- The government website that doesn't work with IE, Chrome, Firefox, Safari, Macs or smartphones
- Dell profits slide 79% amid buyout talks
- Forget cloud subscriptions: users prefer standard licences
- McAfee: cloud storage could help spread viruses
- Analysts question Windows 8 as UK PC shipments slump
- Google pools storage across Gmail and Drive
- Ofcom accused of killing off VoIP competition
- ShoreTel dock turns iPhones and iPads into desk phones
- Bill Gates says iPad users "frustrated"
- Intel Silvermont promises three-fold boost for tablets
- Customers fume as BT introduces IP sharing