Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News

04:25 PM
Connect Directly
RSS
E-Mail
50%
50%

Synovus Thwarts Thousands of Account Hijacking Attempts

Synovus Bank deploys Trusteer's Rapport anti-fraud solution and blocks thousands of attempts to hijack commercial customer accounts.

With "man-in-the-middle" and other types of fraudulent account hijacking attempts on commercial customers escalating, Columbus, Ga.-based Synovus Bank needed a solution it could implement quickly. "By mid-2010 ACH and wire fraud attempts seemed to occur every few days," recalls Kevin Gibson, director of product development at Synovus. "None breached our systems. But it was a problem for our customers, particularly for larger businesses where the attacks were becoming relentless."

CASE STUDY SNAPSHOT
Institution: Synovus Bank (Columbus, Ga.).
Assets: $28 billion.
Business Challenge: Stop online fraud and account hijacking attempts.
Solution: Boston-based Trusteer’s Rapport anti-fraud software solution.

Because best practices and FFIEC regulations called for a layered authentication approach, Gibson says, Synovus ($28 billion in total assets) settled on a two-pronged strategy. First, the bank decided to adopt a front-end solution that could immediately authenticate customers. In addition, the bank wanted to deploy a back-end system that would analyze traffic behaviors and IP addresses to alert the bank of potentially fraudulent activities.

For the front end, Synovus evaluated five vendors during summer 2010, narrowing the field to two. Of those, according to Gibson, the least intrusive and most user-friendly solution was Rapport by Boston-based Trusteer.

Upon inking a deal with Trusteer in November 2010, Gibson says, Synovus began developing strategies to promote customer adoption. Otherwise, he relates, the implementation required virtually no Synovus IT resources.

A lightweight application, Rapport is installed on clients' computers. The process starts when a customer logs in to a Rapport-protected account, Gibson explains. The customer immediately is presented with a customized splash page explaining the solution and is directed to click on a link that automatically downloads and installs the software.

Promoting Client Adoption

According to Gibson, it came as no surprise that the "click on a link" directive presented an adoption hurdle. "We'd always told our customers, 'We'll never ask you to click on a link,'" he admits. "However, with Rapport, the 'ask' comes after customers have authenticated."

To reduce end user resistance, Trusteer worked with Synovus on internal and external messaging as well as on customizing the splash page. For corporate customers that prohibited downloading applications, Synovus offered to implement the solution at the enterprise level.

In addition, Gibson's team elected to limit the presentment's duration and make customer participation optional. "We decided to present the splash page for four months and then reevaluate," Gibson affirms. "Customers could respond to the instructions or ignore them."

Ultimately, however, when the splash presentment began in February 2011, it met strong adoption and negligible resistance, Gibson relates. "About 42 percent of our customers adopted during the presentment period, which ran through May," he says. "And we took very few calls."

For the customers that adopted the anti-fraud solution, no incidents of fraud have occurred since the implementation, Gibson reports. "There have been 3,000 attempts, all of them stopped by Trusteer," he says.

Based on adoption data, the non-adopters, Gibson says, proved to be predominantly small businesses, as expected. "Since hackers have targeted larger businesses, those customers understood the need," he comments. "So we've now honed the message and redesigned the splash page."

In the meantime, Synovus added token layers and additional transaction completion verifications to its existing online payments environment. It also is in the process of migrating to a new payments platform from New York-based ACI Worldwide that includes a back-end fraud-monitoring component.

Regardless, Gibson foresees an ongoing relationship with Trusteer. "We'd like to expand Rapport into the retail side. Also, we've invited Trusteer to show us what other layers they offer and what's on their road map for the future," he says. "The ease of moving to Rapport helped us get to market very quickly. Now it's just a matter of adding to the layers."

Anne Rawland Gabriel is a technology writer and marketing communications consultant based in the Minneapolis/St. Paul metro area. Among other projects, she's a regular contributor to UBM Tech's Bank Systems & Technology, Insurance & Technology and Wall Street & Technology ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Bank Systems & Technology Newsletters
Slideshows
Video
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.