Is HSBC's security software more trouble than it's worth?

20 Jul 2010
Login screen

Davey Winder wonders whether HSBC's Trusteer Rapport software is worth the hassle

Most of us are concerned about the security of our online bank account login data. For example, reader Martin Cowen emailed me to point out that HSBC keeps hassling him to install Trusteer Rapport software to protect his login from ID thieves during online banking sessions, and asks “will the banks start to disown responsibility for fraud if I don’t install it? A quick Google search found many people saying that it slowed down their PC, couldn’t be uninstalled and affects logins to other websites.”

Let’s take a closer look at this matter, given that more than a million HSBC customers have already installed it (and I was one of them, albeit briefly!).

Will banks stop taking responsibility if it isn’t installed? Doubtful, in my opinion. I didn’t have any problems logging into other websites, but I did discover a couple of niggles: Rapport was always hovering near the top of my process list for resource usage, and it stopped all my screengrab utilities from working (not just on the HSBC site, but everywhere).

I eventually found a setting to disable the latter effect, but its resource greed forced me to apply that old value equation, “how much does this impact upon my system resources?” versus “how much does it improve my security?” I decided the benefit wasn’t enough to keep it installed.

System performance improved after I uninstalled it, and given my existing security software and safe usage strategies that have kept my logins safe so far, I don’t think I’m missing out on much.

The bank would now seem to agree, since it’s stopped bugging me with pop-ups to install the darn thing every time I connect, but what does bug me is that it now offers an option to remember my initial account login whenever I connect. I’d still need to pass date-of-birth and random password character challenges to continue, but it’s ironic that HSBC should on the one hand offer to strengthen security via a third-party app while on the other suggest login autofill, which will weaken security immeasurably. The online Help does remind users not to use autofill if they share a PC, but how many people read that before ticking this time-saving option?