Banks set to boost online-banking security

High-street banks are preparing to increase password protection for their online banking services because of the high proportion of PCs in the UK now infected with malware.

Speaking at the RSA Conference 2008 in London, Mark Stanhope, senior manager for e-crime at Lloyds TSB, said the bank now worked under the assumption "that the vast majority of home machines are compromised".

He predicted that, in future, banks would try to get around this by sending one-use passwords to online account holders by means unconnected to the infected machine, such as by SMS or phone call.

Combining this two-factor authentication with the monitoring of accounts for unusual transactions would provide greater protection against fraudsters, he said. "You will see these type of one-time passwords being introduced at a number of banks. The lone password is no longer sufficient."

In 2005, Lloyds TSB trialled giving customers 30,000 tokens that generated a one-time password for them to enter before logging into their accounts.

Stanhope also called for industry to spearhead a drive to get information security taught in schools. He said: "If we do not start educating people about using computers sensibly then in 20 years' time we are going to find ourselves in exactly the same place."