Cut out the card sharps

Chip and Pin is yet another factor in the complex fight against credit card fraud, reports Lisa Kelly

Lisa Kelly

Identity theft is the fastest growing fraud at 44 per cent per year, worth £29.7m in 2003, according to recent figures from the Association for Payment Clearing Services (Apacs).

It accounts for only eight per cent of overall card fraud - more than £402m - but as chip and Pin makes its impact, Apacs warns it is likely to flourish.

Criminals are becoming increasingly sophisticated in using technology to con cardholders, and e-business is a key target.

Card-not-present fraud perpetrated over the internet, telephone or by fax was the fastest-growing crime last year - up six per cent over 2002 to £116.4m.

Beefing up online security over the next few years is therefore vital to boosting consumer confidence in e-business.

"Online fraud is a huge issue that retailers are struggling to cope with," says Michael Rasmussen, principal analyst at Forrester's security research group.

"The number of stolen credit card details is outstanding. The problem is that people think it is being perpetrated by 15-year-old hackers, but it is more often being committed by organised crime rings working online."

Sometimes, criminals don't have to try too hard. Bookseller Barnes & Noble was recently fined $60,000 by the New York Attorney General for a design flaw that exposed sensitive customer data on its website.

No credit cards were exposed, according to the company, but Rasmussen believes that such security slip-ups will increasingly be met with legal action.

"Legislation will become a major weapon to get security up to speed," he predicts. "Identity theft is a breach of privacy laws and companies risk being sued if their systems are not secure. The US is more lawsuit-friendly but the UK is heading that way."

More often, it is consumers who are slack about security. "People are lazy. They are only responsible for a certain amount if they are victims of fraud and it is inconvenient for them to take that extra step," explains Rasmussen.

The answer, he says, is to demand better security from vendors with no back doors and no bugs. Systems must be secured by default. If they are properly patched and configured, 80 per cent of the risk can be eliminated.

"Online businesses should consider deploying intrusion-detection systems to watch for people knocking at their door," says Rasmussen.

Fraudsters, however, are trying to stay ahead of the game, and scams such as phishing, where consumers are fooled into disclosing financial information using spoof websites, are becoming increasingly sophisticated.

"Barclays, NatWest and Lloyds have all confirmed that accounts have been looted this way. We are now looking at hundreds of reported phishing attacks per month as opposed to 10 incidents 18 months ago," says a spokeswoman for the National Hi-Tech Crime Unit.

Dave Birch, director of consultancy Consult Hyperion, says smartcards are the weapon of the future to obliterate such crimes.

"We need better authentication. There is a limit to online security as long as identity is contained in software and someone can copy it. You need to bring tamper-resistant hardware into the loop," he says.

The technology is already available with options such as smartcard readers, which can be attached to PCs, but consumer acceptance is a major barrier.

However, Birch believes that, as chip and Pin becomes commonplace, using smartcards online is a natural progression. "Banks are issuing millions of smartcards for use in real-world shops, and it would not take much consumer education to use them online," he suggests.

The company has worked with Apacs on token authentication to improve e-commerce security.

A card is put into a pocket calculator-like device, the Pin is punched in and the device displays a unique code number. This code must be entered into the web page to access the site, verifying that the customer possesses the card. There are several potential options to tempt users.

"Smartcards could be used with readers attached to computers or through systems with mobile phones or digital televisions. Many people today won't go online because they fear crimes such as identity theft, which ultimately undermines e-commerce," observes Birch.

Phil Curtis, head of cards fraud at Lloyds TSB, agrees that token-based authentication is the ultimate vision. Meanwhile, Visa's Verified scheme and MasterCard's SecureCode manage to combat fraud by requiring users to enter a Pin or password for online authentication.

Despite offering online traders protection against liability for cardholder-not-present fraud, take-up is low. The problem has been getting hold of the specifications, says Curtis.

"We use 10 payment service providers and one is ready with both schemes, while another is completing testing, but we are getting there."

Barclaycard and MasterCard are currently trialling user acceptance of smartcards, with readers using SecureCode as a means to authenticate customers for internet transactions.

"We have had a good response from customers wanting to participate in the trial, which is a reflection of the security concerns they have," explains Kevin Lloyd, chief technology officer at Barclays.

Cutting user co-operation out of the equation, banks can exploit technology such as fraud detection software.

Anti-money laundering software from Searchspace uses a unique enterprise-wide approach to automate the range of decisions in fraud identification.

"Rather than having separate applications that address different types of fraud, our framework monitors all transactions to build up an explicit picture of every customer," says head of product management Ian Horobin.

"We currently focus on the banks, but as the human being is taken out of the loop and fraud continues to grow online, we see more demand from the e-commerce and government sectors."

Sealing the online security gap over the next few years will be key for all sectors. "The integrity of systems is vital because people trust us with their money," notes Curtis.

"If they don't, we won't have an industry anymore."

Smart chips are a clever security option

More than two in five UK householders now own a chip and Pin credit or debit card containing a smart chip which stores encrypted information more securely than a magnetic strip.

The £1.1bn scheme designed to tackle cardholder-present fraud replaces signatures with personal identification numbers keyed in to verify payments at point-of-sale.

Major retailers such as Asda and Dixons are starting to use the technology at their checkouts, but research by Retail Logic says that one in five will not migrate until their next planned hardware upgrade, despite the 1 January 2005 deadline, when non-compliant stores become liable for fraudulent transactions.

"Chip and Pin will tackle two types of fraud: fraud committed through lost and stolen cards, and skimming, where cards are cloned - often in bars or restaurants," explains Jemma Smith at Apacs.

But Ovum analyst Graham Titterington warns that the scheme is not the panacea for cardholder-present fraud because it relies on passwords. "In the long term, biometrics technology such as cheap fingerprint readers at point-of-sale offer better security," he says.

The Co-op will be the first retailer in Europe to trial biometric payment authentication in three supermarkets this autumn.

Bill Laird, group general manager for retail, says the pay-by-touch system, which verifies a shopper's identity by scanning fingerprints, offers another level of security to chip and Pin.

"Registering fingerprints biometrically is the next step as the cardholder must be physically present," says Laird.

Kevin Lloyd, chief technology officer at Barclays, adds: "Chip and Pin will go some way to eradicating card-based attacks."

But Lloyd further explains that when fraudsters switch their focus to other channels, most notably the internet, communication with users will be crucial, along with hardening systems security.

"We will respond to the threat through awareness campaigns," he says.
