BoA launched the free SiteKey service - which is based on technology from PassMark Security - in June this year. Customers signing up to the free service are asked to select a Passmark - a small image and a brief phrase - and three challenge questions. This information is then requested whenever the customer logs in to access an online account.

SiteKey was orginally an optional service but BoA will now make it a mandatory part of its Web banking system in the US states where it is available. Customers will be told about the change via onscreen messages in advance.

Sanjay Gupta, e-commerce executive, Bank of America, says: "We're the first major bank to offer this extra level of protection and we're making it a standard part of signing-in to help protect all of our online banking customers from fraud and identity theft."

So far SiteKey has been rolled out to Web banking customers in 19 states and will be introduced in California this month. The bank had originally said that SiteKey would be installed across the US by the end of the year, but the deployment is now expected to be completed in early 2006, several months later than planned.

Last month the US Federal Financial Institutions Examination Council (FFIEC) set an end-2006 deadline for the banking industry to introduce multi-factor authentication for high risk Internet transactions.

The banking regulator issued new guidance on the risk management controls necessary to authenticate the identity of customers accessing online financial services, and stated that US banks will be expected to comply with the rules - which includes the introduction of multi-factor authentication - by the end of next year.