Savings bank ING Direct is to introduce anti-keylogging measures in January to protect the accounts of its 500,000 online customers.

Users will enter their PIN by clicking on an on-screen calculator-style keypad, whose numbers change position on each login.

Citibank Consumer Bank pioneered the approach in the UK, introducing it to customers in January 2005. The ING Direct deployment is believed to be the largest UK implementation to date.

‘The new system obviously makes it far more difficult for malicious software to capture the number you are inputting because the numbers on the keypad constantly change,’ said ING spokesman Martin Rutland.

The system will guard against fraudsters who install keylogging devices on computers to record keystrokes and steal personal information. Such devices were used by fraudsters who attempted to steal £220m from Sumitomo Mitsui bank last year.

‘We implemented this with a specific defence in mind against keystroke capture,’ said Citibank’s head of online customer experience David Bacall. ‘We are also looking at two--factor authentication with tokens, but have no plans to roll it out soon.

But Ovum senior analyst Graham Titterington says that anti-keylogging security is not 100 per cent secure.

‘As we move towards two-factor authentication, combining security processes from two different categories such as anti-keylogging and two-factor PIN access can be effective,’ he said.

What do you think? Email feedback@computing.co.uk

Further reading:

Industry mulls solution to fraud