Barclays Bank PLC has started distributing third-party antivirus software to its U.K. online banking customers after getting over the fears other banks have had that such a move could turn the call center into a tech-support hot line.
Many banks recommend certain security tools that customers can buy and install on their own. But Barclays says it is convinced that taking the extra step of getting directly involved in customers' online security makes sense given what it sees as a growing risk of losses from online fraud and the variety of threats consumers face.
Protecting customers "was easier when the primary threat was traditional phishing," said Barnaby Davis, the London company's director of electronic banking. Because phishing scams use fake bank Web sites, "the point of compromise was very clear and very tangible, and the customer could understand how they had been conned.
"With threats like Trojans, keystroke catchers, and so on, customers are probably very unaware of the threat," he said. "What we're essentially saying to the customer is: We can use our buying power to give you access to a product that we recommend that will help you protect yourself in all of your use of the Internet."
Barclays is offering customers virus protection software from F-Secure Corp. of Helsinki, including two years of free updates, and has trained employees to handle a host of computer issues that may arise when people install the software.
Barclays customers can use a special code to download the software from its Web site. It sent out the first batch of codes May 31 to 25,000 customers and sent them to 100,000 people last week. It expects to make mailings of various sizes every few weeks, and to have distributed the codes to all of its active online banking customers by mid-August. (It defines those 1.6 million customers as people have used its banking Web site within the past three months.)
Mr. Davis said that he was not aware of any other U.K. banking company offering antivirus software to its customers, but the software giveaway is not aimed at attracting new customers. "The software offer was aimed at existing customers as an added value service, not a customer acquisition incentive," he said.
There are some financial companies in the United States that provide security software to customers, including TD Ameritrade Inc. But observers say that the vast majority shy from offering security products directly to customers, with some recommending products and some others arranging for customers to obtain discounts from certain vendors.
Walter Latinik, the vice president and manager of financial services for First Horizon National Corp., said the Memphis banking company considered offering antivirus software but decided against it, for several reasons.
"We're only as good as what third-party provider we contract with," he said.
First Horizon was also concerned about being held responsible for losses that could be attributed to problems caused by the software. "With our legal system, the liability concern is certainly a legitimate one," Mr. Latinik said.
He said that distributing software is expensive, and that First Horizon's call center is unable to provide support for another company's software.
First Horizon chose instead to address the threat of keystroke loggers by adding challenge questions to its log-in procedure in May.
Avivah Litan, a vice president and research director at Gartner Inc. in Stamford, Conn., said that when banks distribute software, they take on the burden of supporting it - a responsibility few of them want. "Banks are really reluctant to do anything with consumer desktops," she said.
She said she is not aware of any other banking company that is distributing full-feature antivirus software to customers.
The main reason is that bank call center employees are trained to handle transactions and sell financial products rather than walk people through the process of installing and troubleshooting software. And because the software comes from a third party, a bank's employees are unlikely to be as knowledgeable about it as the software company's employees.
Training a call center to support third-party software is "a nightmare for a bank," Ms. Litan said. "Customer service calls can be very expensive," and "the banks have no competency in desktop support."
Some U.S. financial companies have offered security products directly to customers.
TD Ameritrade offers its customers an antivirus scanning application from WholeSecurity Inc., a unit of the security software company Symantec Corp. of Cupertino, Calif. But unlike other antivirus applications, Ameritrade's implementation of the WholeSecurity product runs only when people log on to the Ameritrade Web site, and it only examines applications that are running on the customer's computer at that time.
PayPal Inc. of San Jose, the payments unit of eBay Inc., offers users an e-mail spam filter from Cloudmark Inc. of San Francisco to protect against phishing e-mails, though this offers no protection against viruses.
Other financial companies have arranged for discounts. For example, E-Trade Financial Corp. customers earn a 40% discount on Symantec anti-virus software. And Citigroup Inc. credit card customers qualify for a reduced rate for security software from Webroot Software Inc. of Boulder, Colo., but they must pay the full price for necessary updates.
Mr. Davis said the F-Secure software will automatically update itself for the next two years. The call center representatives are ready to handle common customer issues with installing and using the software, he said, but customers with complicated problems will be referred to F-Secure. "F-Secure is well placed to handle queries from our customers directly," Mr. Davis said.
Richard Hales, F-Secure's U.K. country manager, said Barclays customers "will probably phone us first anyway, and that's fine."
Barclays is not stopping here in its online security efforts. It already monitors online activity to spot fraud, and in the second half of 2007 it plans to distribute card readers that customers could use with smart cards to authenticate themselves online.
By that time the deal with F-Secure may become unnecessary, Mr. Davis said. "In two years' time we'll have a much clearer view of whether browsers, operating systems, and ISPs are building in a much greater level of inherent protection."
Or, Barclays may choose to offer its customers another two years of free antivirus software.
Ms. Litan said Barclays' strategy may reflect that viruses and spyware targeting financial institutions are much more common in the United Kingdom than in the United States, and that Barclays is a big target there.
And, since F-Secure has very little market share, it may have offered Barclays a low price in exchange for access to its 1.6 million active online banking users, Ms. Litan said.
At Barclays, "they're going beyond the norm to protect their customers because, in the end, it protects themselves," she said.
