By planning to offer devices that generate new account access codes every 60 seconds, E-Trade Financial Corp. is gambling that the increased security will outweigh the expense and hassle of keychain fobs.
Though the technology, known as two-factor authentication, has been available for years and is considered to be a highly effective online security tool, few banks have shown much interest in it.
Industry watchers have long said that consumers would be put off by the inconvenience of having to keep track of a physical device. And banks have been reluctant to invest in upgrading their own systems and issuing the devices to their customers.
However, the growing threat posed by identity theft and online frauds such as phishing seems to have renewed interest in this security tool.
"I'm really proud that we're the first ones to do this" for consumers, said Lou Klobuchar, who oversees both the banking and brokerage sides of E-Trade, which announced its two-factor authentication program Tuesday.
The devices, manufactured by RSA Security Inc. of Bedford, Mass., generate six-digit numbers. To log on to any E-Trade account, a customer with the device must type the number along with a user name and a password.
Once a device is activated, the account cannot be accessed online without it, so even if the user name and password were stolen, that information would be useless to a criminal.
E-Trade has been testing the system since December with 240 users and will start offering the devices for free in the second quarter to customers who make more than five trades a month or have more than $50,000 in their accounts.
Other companies are dipping their toes into two-factor authentication. Bank of America Corp. announced last month that it would offer similar devices from VeriSign Inc. to its corporate banking customers this year. America Online Inc. offers two-factor authentication devices from RSA to its 33 million customers but charges a fee for them.
Estimates of the cost of issuing the devices vary. Sophie Louvel, an analyst at Financial Insights Inc., a Framingham, Mass., research unit of International Data Group Inc., said the costs can range from $60 to $80 per customer, but added that RSA might be offering discounts to promote their use.
Avivah Litan, a vice president and a research director at Gartner Inc. of Stamford, Conn., said the devices can cost banks $10 a customer each year.
It's "a big deal" for banks to absorb the cost of these devices during the initial rollout, but doing so is "a good business decision, especially with all this high-visibility fraud and identity theft," she said.
Despite the increased attention on security issues, "most banks I talk to don't want to get near" two-factor authentication systems, Ms. Litan said. "They're really afraid consumers will be turned away, and they don't want to absorb the cost."
However, banks face little risk from trying the technology, which has significant potential, she said. "If they get low adoption, they're not spending very much money. If they get high adoption, they sell a lot more services. I could see people switching to E-Trade if they offer this type of security."
An E-Trade spokeswoman said she could not say how much it paid for the devices, because of its contract with RSA.
