The regional bank has signed up with vendor Vasco to offer customers the Digipass GO3 token, a small key-ring sized device that generates a different numerical code every 36 seconds so that customers always log-in to their accounts using a different number. Bendigo said the device will be employed to prevent security breaches such as phishing and keystroke logging.
Bank spokesman, Owen Davis, said that although Internet banking as a whole is safe "there is a weakness at the customers' end of the process".
"Customers can either be tricked into divulging their details or their computer may be infected with a Trojan to steal their details," he said. "This device provides greatly increased protection, piece of mind and confidence for customers that they can bank in a secure environment."
The move follows the circulation of several e-mail phishing scams involving the Bendigo Bank brand that attempted to lure customers into giving up their account details with lines such as "due to a technical update we are insisting our clients to verify reactivate their accounts" or asking for customer details claiming the bank has suffered security breaches and needs to verify user access.
According to the suppliers of the Digipass tokens, Vasco, the product has yet to falter.
"There have been no security breaches using the tokens that we know of," said a Vasco spokeswoman.
The device is currently employed in 300 banks in Europe, the spokeswoman said, equating to over 10 million tokens being used by banking customers and 11 million being used in total.
Davis said Bendigo is still deciding whether the tokens will be free or if customers will have the option of buying them, as he said supplying them would come at a large cost to the bank.
"The tokens cost us AU$16.50 each, we have around 100,000 e-banking customers, so it would cost us in excess of AU$1.6 million if we provided them for free," said Davis.
Bendigo said it plans to roll out the devices to its e-banking customers later this month. Davis said in the short term the device will only be used for e-banking log-ins, as the bank has not experienced a high level threat with automatic teller machines or phone banking passwords as yet.