British banks to provide extra Web security

Major British banks are set to agree on a physical security device for all U.K. online customers to use.

This move to two-factor authentication could make customers more secure when banking online. Such systems use a physical security device that generates a password to be used only once.

Identity theft e-mails, known as phishing attacks, cost U.K. banks $22.6 million last year, according to the Association of Payment and Clearing Systems, which represents the British banking industry.

Precise details of the two-factor device should be agreed upon in May, with the banks expected to roll out devices within nine to 12 months.

"We are looking to get a U.K. standard for next month," said an APACS representative. "We are hoping this will enable us to make rapid progress. It would also be good to get a global standard."

APACS said that credit card issuer Barclaycard and the high-profile bank Coutts have already issued some customers identity devices.

Last year, former White House cybersecurity adviser Howard Schmidt urged banks to use issue customers with two-factor authentication. Schmidt is the chief security strategist of online auction eBay, which itself has yet to issue bidders two-factor authentication devices.

Not everyone is so sure that two-factor authentication is the way forward, however. "People are selling two-factor authentication as the solution to our current identity theft problems, but it was designed to solve the issues from 10 years ago," security expert Bruce Schneier said last month.

Dan Ilett of ZDNet UK reported from London.