This is the latest move in the bank’s attempt to make internet banking as secure as possible without making it too cumbersome.

When logging on to their accounts, Lloyds customers will enter the one-off code along with their usual security details. The question is: will this prove a help or a hindrance? Banks are facing a classic dilemma over internet security — damned if they do and damned if they don’t.

On the one hand, fear of fraud is threatening to put people off internet banking, forcing them to take added security measures.

On the other hand, the measures they introduce make internet banking more cumbersome and undermine its main attraction — convenience.

About 15m active internet banking customers manage 24m accounts online in the UK. This sounds impressive until you realise that there are 115m current and savings accounts in total. Security worries are holding back many more people from banking online.

Customers find it hard enough to remember their personal identification numbers (Pins), user names and passwords, let alone where they left their minuscule code-generating gadgets.

Lloyds TSB has helpfully incorporated a keyring into the gadget’s design, but customers who bank with several institutions could face having to carry bunches of keys laden with high-tech gizmos. Is it worth the hassle when you can just do your banking by phone?

The UK payments association Apacs (apacs.org. uk), which is due to release its latest financial-fraud figures next month, confirms that internet-banking losses for the year to June 2005 will be “significantly” higher than last year’s figure of £12m. But a spokesperson said: “Internet-banking fraud is still a tiny fraction of the £500m lost though plastic-card fraud.”

Two-factor authentication, a combination of fixed and dynamic security details, is not new; the technology has been around for 20 years. Although it creates another hurdle for fraudsters, it does not eliminate the threat of fraud.

Customers who leave their computers unprotected — by not keeping anti-virus software up to date, for example — may have their user names and passwords stolen by spyware Trojan programs.

Combine this threat with the possibility of your code gadget being stolen in the post by a well-placed member of the fraud syndicate, and your bank account is potentially capable of being raided until you notice either that the gadget has not arrived or that large sums have disappeared.

Lloyds TSB does not dismiss this scenario but considers it unlikely.

Most internet-banking terms and conditions now make adequately protected computers a must. Although banks are still reimbursing defrauded customers, it can only be a matter of time before they interpret having an unprotected computer as negligence and refuse to pay up.

A bigger problem for banks at the moment is plastic-card fraud, responsible for internet losses of £117m last year — another figure likely to rise sharply when Apacs reports.

Once again, two-factor authentication is the preferred weapon.

Apacs is working with the banks to develop a standard for chip-and-pin card readers that generate one-off security codes. You slide your card into the reader, tap in your number, get your code, then enter it online.

This should make online shopping safer — but unfortunately these card readers are unlikely to reach us before the end of 2006 at the earliest.

Explore Money

• Property & Mortgages

• Savings

• Borrowing

• Investment

• Funds

• Insurance

• Consumer Affairs

• Tax

• Pensions

• Broadband