Lloyds TSB trials token-based security device

Token-based security device generates unique six-digit number

High street bank Lloyds TSB is to trial a token-based security device in a bid to beef up security for online banking customers.

The bank is sending out keyring-sized Access Code devices to 30,000 internet banking customers in what will be the largest trial of its kind in the UK.

Donal Casey, security consultant at Morse, suggested that it is a move in the right direction.

"This is clearly the way forward. The only problem with using such devices is that the attrition rate (losses and faults) is around 20 per cent per year and may be even higher with public usage. So that can put the costs up when you apply it to a large number of users," he said.

The device works by generating a unique six-digit number which is valid for only 30 seconds and which customers use to log-on to the group's internet banking facilities.

The number is used in addition to customers entering their user ID and password as they do presently, and replaces memorable information, such as a place name or name of a pet.

For the next stage of the log-in, users will press a button on the Access Code device which will generate a code for them to type in which the bank then verifies.

The device will also be used to generate codes to authorise online transactions such as bill payments instead of customers using their password.

Many banks have held back from such a scheme due to the high costs of making it available to a large number of customers. However, the industry is facing increasing calls to implement two-factor schemes and PayPal is shortly to introduce a similar system for its customers. 

There are two main problems with such solutions: cost and user acceptance. T okens cost about £35 per customer and even more to administer, maintain and replace.

Meanwhile there is some evidence that customers prefer simple password systems, and there are concerns over delays caused when customers lose the device.

Gemma Smith, a spokeswoman for the Association for Payment Clearing Services, said that the banks are currently in the process of developing a standard for this kind of security system based on the use of a card reader that generates a unique code when users place credit into it.

"There will be a UK standard that will begin trials within two years, but it will be up to banks how and when they implement it," she said.

Lloyds is also offering customers a free PC security scan to identify spyware, and a 20 per cent discount on security software from Zone Labs.