For companies operating on the internet, the challenge of providing a safe and secure environment for customers has grown significantly.

For the financial services industry in particular, it's a major problem: bringing customers online helps lower the cost of doing business, but the rising volume of digital menaces threatens to erode public trust.

One of the fastest-growing scams is phishing, a form of online identity theft.

A recent report from researcher Financial Insights reported that phishing will cost financial services firms $400m (£217m) worldwide in fraud losses in 2004.

"The trend is worrying," said Barclays chief technology officer Kevin Lloyd. So why are so many people falling for these tricks?

Inside a phishing scam
Part of the challenge is that the technical prowess of the conmen is increasing faster than banks can come up with ways to combat it.

"What is clear is that these are very sophisticated fraudsters and they've turned their attention to the internet channel," said Lloyd.

The scams typically target customers by sending emails pretending to be from their bank.

The email convinces recipients to click on a link, which takes them to a near-perfect copy of their online banking site - but usually missing the padlock symbol at the bottom of the web browser indicating that it is secure.

People are asked for their full password, rather than the variable selection of characters requested by the real site. "Hey presto, you've given away your details," explained Lloyd.

Many scams are sophisticated enough to use those details and dynamically link users to the real banking site and log them on as normal.

"But when you log off, your details have been kept by the fraudsters who then log in, change your password and typically set up a third-party beneficiary and pay out the maximum amount available," said Lloyd.

The money will be collected almost instantly by a debit card transaction, which appears completely legitimate to the bank. "And then everyone disappears," added Lloyd.

Another method used by scammers is a Trojan horse virus that accesses banking sites by monitoring and capturing the keystrokes typed.

To combat this, some banks have changed their sites to make people select numbers from a drop-down list rather than typing them on the keyboard.

"But now the criminals are clever enough to measure the mouse movements so they can detect which numbers you've clicked on. There's not much you can do about that, because that's real sophistication," warned Lloyd.

And the bad guys are becoming smarter still. "The grammar used to be poor and it was a hit-and-miss affair," explained Barclaycard technology consultant Dave Taylor.

"We are now seeing emails that are marketing-focused. The grammar is excellent and you'd never know it came from a hacker.

"We're also seeing a lot of really interesting code that is being deployed on our customer PCs. They're much more successful than they were six months ago."

Dealing with the problem
So how can banks cope? Customer communication is a priority, according to Matthew Timms, head of internet banking at Lloyds TSB. "We need to educate customers on how to use the internet," he said.

The next step is to change login screens to warn customers of fraud and advise them how to act online.

"We also encourage customers to have the latest software on their PCs, but there's no real way for us to check up on this," said Lloyd.

"We could do some checks as to what people are using when they log on, but there's a fine line between what's reasonable to expect from customers and what's not."

Tactics can also move away from technology solutions and involve changes to the way the business operates.

"We can dynamically change the pay away limit on people's accounts or make it harder to create a new beneficiary," said Lloyd.

"All banks have turned down the transfer limit, and we've all made it more difficult to set up a third party."

"You might ask the customer to contact you on the phone to validate it, or send a text message.

"Another thing you can do is set up a delay on the transfer so that it doesn't go through immediately, giving customers a chance to pick up on the problem and alert us."

Barclaycard believes it has come up with a potential solution in the form of its chip authentication technology.

The company is testing a small portable device, similar in shape to a calculator, that allows owners to insert their credit or debit card, enter a Pin and receive a unique one-time eight-digit number that is used to confirm their authenticity.