Bank of America leads the way on phishing protection

Bank of America is to provide two-factor authentication technology to 14.5 million customers in a bid to cut identity theft.

The online software, made by PassMark Security, is currently an optional service to customers in 20 states but will become compulsory in the future, the bank said.

To use the service, which is to be rolled out in all states in the country next year, customers must pick an image, write a phrase and select three challenge questions.

Earlier this year Lloyds TSB began a pilot of two-factor tokens with 30,000 online banking customers.

Customers are currently logging onto the bank's website with their username, password and a one-time six digit code generated by the token.

The move was part of a wider strategy outlined by the Association of Payment and Clearing Systems (Apacs) which said that banks should start to offer two-factor authentication, the standard for which has not yet been announced.

A spokeswoman for Apacs told ZDNet UK's sister site silicon.com: "They will be done by the end of the year. This is not about the standard now but the customer usability research to make sure they can use it."