Lloyds TSB tests anti-phishing hardware

Lloyds TSB is piloting a token-based security with 30,000 of its online banking customers in an attempt to crack down on phishing and other fraud attacks.

During the pilot, the customers will log into online banking with their username and password as usual but will also have to use a one-time six digit code generated by the token.

They will then have to enter another code generated by the token for certain types of transactions, such as bill payments, instead of their normal password.

Matthew Timms, Lloyds TSB internet banking director, told silicon.com: "This is the first large-scale pilot of its kind in the UK. Online is becoming an increasingly important area for customers and maintaining confidence in such an important channel is critical."

He added: "What we are looking at is putting barriers in the way and making it harder for fraudsters."

The Vasco tokens cost between £2 and £5 but Timms would not give the total cost of the trial.

But there is a fear that as credit card anti-fraud plans are put in place, fraudsters may turn towards online banking: "If [fraudsters] see their revenue declining they will look at another area to make up their loses," said Timms, who said there has been a "significant increase" in fraud attempts this year.

Last year UK banks lost £12m to internet banking related fraud - small compared to £500m in credit card fraud but Timms said the idea is to develop a system that can squash both problems.

He said: "The journey we are on is towards something that will cover 'card not present' and internet banking fraud. The standard will be for something that will fix both."

Apacs is working with the banking industry to develop a standard for card readers so that chip and PIN cards can be used to authenticate online transactions.

Timms said: "We are working very closely with Apacs on the standard for 'card not present'. At that point the standard with Apacs hadn't been agreed so we decided to go ahead with this."

This trial is, then, less about the token technology than about seeing how customers respond to the additional security: "If they aren't adopting these then what do we have to do to get customers to adopt these new technologies," Timms said.