Barclays set for chip and PIN device roll-out

Over half a million devices will be sent out to users of its online banking service

Barclays will become the first major high-street bank to undertake a mass roll-out of handheld chip and PIN card readers to its customers later this year, in order to boost the security of its online banking system.

The firm's PINsentry technology will be issued to over half a million customers in the next few months, although initially only to those who use online banking to set up a payment to a new third party, according to the firm.

The devices will replace the need for passcodes and memorable words at log-in, which can be vulnerable to hackers if keylogging software has been downloaded onto the user's PC. PINsentry devices are also designed to reduce the risk from phishing emails because they generate a one-time passcode that will become useless for future transactions.

But the announcement met with a cautious welcome from some security experts. "Including two-factor authentication in the online banking process is definitely better security," said Sophos' senior technology consultanat, Graham Cluley. " But spyware can still steal screenshots of what bank customers are doing online, and can capture account information to use for fraudulent purposes."

He added that the devices are also susceptible to so-called " man-in-the-middle" attacks, when hackers sit between user and bank, capture real time information, and then "send unauthorised instructions to the bank while posing as the customer".

The cost of supplying these devices to customers will ultimately be passed on to them by the banks, Cluley argued.

In related news, two new surveys released today offer differing views of the impact of online crime on consumer confidence.

Cryptography specialist SafeNet found that 80 percent of consumers admitted that concerns about the safety of the internet had caused them to forgo online shopping. Three-quarters said they would feel more confident if there were an industry-wide e-commerce internet security standard.

But the new Trustguide report from BT, and part-funded by the DTI, found that consumers still use online services despite the risks to their personal information, because they believe the benefits outweigh the risks.

The report offers guidelines for government and private commerce on how to better educate users, and calls for more transparent data usage on the part of service providers.