High street bank Barclays plans to issue hand-held card readers to all of its 1.6 million active online banking customers to tighten security and combat identity theft.

The firm will provide the standalone calculator-sized two-factor authentication devices throughout 2007.

They will be based on card readers developed by banking industry body Apacs to reduce card-not-present fraud which increased 21 per cent last year and cost banks £183.2m.

The devices will read chips on debit cards and then provide a one-time password for customers that will be needed to enter the online banking portal.

Barnaby Davis, director of online banking at Barclays, says the bank wants all its customers to benefit from increased security.

'We plan to issue the card readers to all online banking customers and not just business customers,' Davis told Computing.

'We've gone for this model of two-factor because it resists all known methods of fraud,' he said.

Other banks have been working on two-factor authentication but not all have adhered to the Apacs standard. Lloyds TSB, for example, is trialing key ring-based one-time password generating devices with 23,500 customers.

Alliance & Leicester became the first UK bank to issue all of its one million online banking customers with free, two-factor authentication technology in March (Computing, 16 March). 'We're aware of other organisations that are planning something similar but we believe this will become the industry standard,' Davis said.

Davis declined to comment on how much it will cost to issue the devices, but says customers will not have to pay for them.

Apacs says it welcomes Barclays decision to provide customers with two-fact or authentication, as long as the devices adhere to its standard.

'We've been involved in the development of this system so we know the benefits of it,' said an Apacs spokesman.

Barclays has already made its security intentions clear. In June it became the first UK bank offer free anti-virus software from F-Secure to all online customers, as well as a text messaging service to alert customers to suspicious transactions.

Graham Titterington, prinicipal analyst at Ovum says tight online security will become a competitive differentiator in the banking sector.

'Online banking now has so much momentum behind it that if they don't provide this service someone else will,' he said. 'You have to compare the cost of issuing these readers with the cost of provide manual banking services, or indeed the cost of fraud.'

What do you think? Email us at feedback@computing.co.uk

Further reading:

Bank strikes back at ID cheats 

Mobiles set for key role in card authentication

Phishers crack two-factor authentication