<EM>Peter Griffin:</EM> Banks owe us security

Internet banking is incredibly empowering. I feel like a financial player shuffling funds around electronically from my personal account to the rent account, from savings to Visa account. Pity the amounts are measly, but that doesn't deter the numerous phishing scam artists hell-bent on stealing my internet banking username and password so they can empty my account into some Latvian black hole.

Just last month, the BNZ had to suspend its online banking service for a period because its customers were targeted with an email that prompted them to log in to an exact replica of the BNZ website. The scammers wanted to farm banking login details to commit fraud, but the bank pulled the plug in time and no one was left out of pocket.

"Attempts to steal people's electronic identity are a bit of a fact of life these days," Peter Fletcher, the BNZ's chief information officer, said at the time.

If that's the case, and the spread of Trojans, keyloggers and spyware designed to steal your passwords and identity suggest it is, every bank should be following the lead of the ASB and HSBC by issuing customers with digital password generators. These smart little devices constantly generate random six-figure codes that need to be entered along with your username and password. It's so-called two-factor banking, adding an extra layer of security.

If you're stupid enough to use online banking in an internet cafe or on a computer carrying no internet security software, you potentially expose yourself to the scammers. But with a key generator, you must have the physical device to obtain the code which provides the second layer of security. It's pretty much foolproof.

Security-minded companies have for some time been requesting their employees use key tokens to protect against industrial sabotage.

The ASB will offer its tokens for $1 a month and make use of them compulsory for transactions over $2500. The bank is also allowing key codes to be delivered via text message, but this costs 20c a pop.

The HSBC is sending its code generators to all its customers for free and will request they be used for internet banking. HSBC is more focused on business and offshore banking, where people are moving larger amounts of money, so the introduction of the free device is a good move.

If you are ever the victim of a phishing scam, don't expect much help from the bank, which sits behind all sorts of security firewalls and places responsibility on its customers for making sure they use internet banking securely. Their fraud team will try to trace the vanishing cash but if you've been phished, it's your problem.

Every bank should be giving every customer a key generator. They're not expensive devices to make. With the billions in profit the banks collectively make in this country every year, it would come across as a welcome token of their appreciation.