Alliance & Leicester last week raised the bar for online banking security with the launch of two-factor, two-way authentication for all its internet banking customers.
Rather than relying on a separate hardware token, such as the Vasco smart token that is being trialled by Lloyds TSB, Alliance & Leicester has used Passmark Security software to add another layer of security to its website. The same system was adopted by Bank of America 10 months ago.
The bank is the first in the UK to offer two-factor authentication to all its online customers.
The technology works by using a customer's PC or handheld device as the second-factor hardware device. Technology from Passmark takes a "fingerprint" of a customer's computer to verify identification, using HTTP headers, software configurations, hardware settings, IP address and geographic location.
Customers registering for the service choose a picture, write a phrase and pose a challenge question to help authenticate the bank to them. To use the service, they enter a log-in name and see the picture and their phrase, confirming they have reached Alliance & Leicester's site, and a password gives them access.
Phil Cracknell, a security expert at Capgemini, said the move was welcome, because it relied on local security but required nothing extra to be carried around by customers.
"The obvious risk is that if a registered laptop was stolen, that extra line of defence is gone, but that still leaves the usual security measures in place. It is just enough to make things more complex and difficult for fraudsters."