In the second half of this year, Barclays customers who use their online bank account to set up payments to new third-party accounts will be issued with handheld chip and PIN readers provided by Dutch vendor Gemalto.
Barclays will send the PINSentry devices to premier banking customers, and to personal customers and small and medium businesses who use online banking to set up third-party payments to someone new. It says these are the most active online banking users and the most at risk of fraud. The bank expects to send out around 500,000 devices this year.
The devices will be used together with the customer's normal debit card and its PIN to authenticate their identity at login and when making certain payments. This will replace the need for passcodes and memorable words. Cardholders insert their smart payment card into the hardware device to generate a single-use password that then lets them log on to check their account, make a transfer and use other web banking services.
A new password is generated each time and has a short validity period after which it is no longer accepted by the server.
Barclays defines third-party payments as payments made for the first time to an account that is not a standard supplier on the established beneficiaries list, such as a utility or credit card company.
It says the rest of the bank's 1.7 million online banking customers who don't set up new third-party payment instructions this year will be upgraded to PINSentry as and when it is needed for their online banking activity.
Barclays refused to disclose the cost of this initiative, but says it is happy to absorb the costs to reduce online fraud. Because Barclays provides an online fraud guarantee it bears the expense if a customer is an innocent victim of fraud, so fraud reduction is in its own financial interest as well as for the benefit of its customers.
The bank adds that the PINSentry card readers from Gemalto have been designed to an Apacs industry standard, with an audio reader available for users who have visual difficulties.
The use of one-time passwords generated by the device will not protect users from man-in-the-middle attacks, which are becoming increasingly sophisticated. But Barclays claims that its initiatives last year, combined with the best practice information on its online banking site, provide enough education and protection for customers. Last year it began offering free anti-virus software as well as an SMS text message confirmation service to online customers.