Banking industry body Apacs has completed work to establish a standard for a device to physically authenticate online and telephone-based transactions.

After almost four years of development, technical specifications for a card reader and the necessary card software have been finalised, although the system’s look and feel will only be settled after final usability tests are conducted later this month.

The aim is to provide a device that allows people to use their PINs to secure transactions when banking online, and which could eventually be used for buying goods over the internet.

The standard will result in interoperable card readers that will work with any bank and any card, according to Apacs head of security Colin Whitaker.

‘We can’t have people with five or six card readers,’ Whitaker told Computing. ‘This architecture allows any UK card to be used in any reader.’

Apacs says it will be 12 to 18 months before banks are ready to start deploying the technology, which will require new chip-and-PIN cards to be issued to customers, as well as changes to various back-end systems.

But several High Street banks, including Barclays and Lloyds TSB, have started preparations.

‘We’re working with the industry through Apacs and the card schemes on a range of security measures, including a strong authentication device based on the chip-and-PIN technology,’ said a Barclays spokeswoman.

Lloyds TSB, which in October launched a trial of an alternative device that generates unique authorisation codes for securing online banking (Computing, 20 October), says its tests will aid any future card reader rollout.

‘It is part of the same journey,’ said a Lloyds TSB spokesman. ‘The technology is the same as the pilot project we are running, so therefore the work has already started for us.’

But analysts warn there are still issues to be resolved, such as who will pay for the technology and how to gain support in the retail sector so the device can also be used to secure online shopping.

Martha Bennett, research director at Forrester Research, said: ‘This is uncharted territory. Our research indicates that customers are not willing to pay for extra security, although the jury is still out on this.’

Online fraud cost the banking industry £14.5m in the first six months of 2005, a 263 per cent increase on the previous year (Computing, 10 November).