UK bank Lloyds TSB is conducting a trial of a security device that generates single-use passwords in a bid to protect its Web banking customers from phishing and spyware scams and cut online fraud levels.
Lloyds TSB says around 30,000 Internet banking customers will receive its key ring-sized 'access code device', which is manufactured by Vasco and runs authentication software developed by Cryptomathics.
The device generates a unique, one time only, six digit number that customers will enter along with usernames and passwords when logging on to the bank's Web site.
Customers will log on to the site as normal using their user ID and password, but instead of entering their memorable information they will be asked to press the button on the device to generate a unique code. The bank will verify this code before allowing access to accounts.
The bank says customers taking part in the trial will also be asked to use the device to generate a new code to authorise some online transactions, such as bill payments, instead of their normal password.
Commenting on the trial, Matthew Timms, Internet banking director at Lloyds TSB, says: "Fraudsters are becoming increasingly cunning with their tactics, and there's no hiding the fact that fraud is on the increase. The trial of the access code device is one of a number of security initiatives we are introducing to address the concerns of customers and stay ahead in the battle against online fraudsters."
Similar devices are already used by banks in Asia, Scandinavia and Australia, but Lloyds TSB is the first major bank in the UK to introduce the security system for authentication of Web banking customers.
A spokesperson for Lloyds TSB told Finextra that the devices will be rolled out free of charge to those taking part in the trial, but no decision has yet been made on whether there would be a charge for the system if the trial is successful and it is distributed to all Web banking custmers.
Although some banks in the UK expect to share the costs of delivering new two-factor authentication programmes with customers, research released earlier this year by IT services group Unisys found that, despite the high incidence of identity theft, two out of three UK consumers are unwilling to pay extra for increased security for online banking.
Earlier this year Barclaycard said it was in talks with leading UK retailers about plans to roll out pocket-sized card authentication devices for customers to use when shopping online.
The UK bank had been testing the Vasco-based chip card readers with 5000 customers and staff over the past six months. Users of the system are prompted to insert their card into the reader and enter their four-digit PIN code when shopping online. The reader and the card then generate a unique dynamic password for entry on the Web form.