Lloyds TSB road-tests online security device

Bank takes first step in strategy to combat theft and quell user fears

Lloyds TSB is to test a keyring-sized security device designed to cut internet fraud and improve customer confidence in online banking (Computing, 6 October).

Some 30,000 internet banking customers will pilot the Access Code Device over the next six months, as part of the bank’s wider strategy to limit the effects of phishing emails and key-stroke-logging software.

The device, supplied by two-factor authentication firm Vasco, will provide an additional level of security alongside user IDs and passwords, by generating a unique one-time passcode that is verified by the bank’s computer network.

Even if hackers manage to capture the first passcode, attempts at theft are likely to be foiled because the customer then needs to generate a new code to authorise online transactions, says Lloyds TSB internet banking director Matthew Timms.

‘Fraud has adapted over time and spyware is more sophisticated,’ said Timms.

‘This is something we needed to tackle. Customers will use the device once to log in, and again to make transfers, standing orders or person-to-person payments.’

But despite UK banks losing £12m through internet-related fraud last year, the biggest motivation for the trial is to allay customer fears, says Timms.

Forrester Research says that security fears have stopped more than 600,000 UK internet users using online banking (Computing, 8 September).

But despite embarking on the trials, Lloyds TSB says it is committed to rolling out another two-factor authentication standard, developed by banking industry body Apacs, when it is ready.

Apacs aims to combat online security problems and card-not-present fraud, which cost banks an estimated £150.8m last year, by providing PC users with a chip-and-PIN card reader.

‘It is not a panacea for all of our security issues,’ said Bob Spencer, Lloyds TSB director of IT security. ‘When the industry is ready, we will be there with a card reader.’

The token-based system that the bank is about to test will help gauge online banking customers’ attitudes to additional security, says Timms.

Lloyds TSB is also working with rival banks and with law enforcement agencies to take down spoof phishing sites, and is increasing its use of anti-fraud and transaction monitoring systems to spot hacking attempts.