Barclays Bank is to give 500,000 of its banking customers handheld chip and
PIN card readers in a bid to protect them from online fraud.
The PINsentry, which works independently from the PC, is a form of two-factor
authentication which will give added protection to Barclays' online banking
customers.
The user inserts their chip and PIN debit card into the device, which looks
like a small calculator. After the device has read the chip on the card it
generates a one-off unique eight-digit passcode that the customer then uses when
logging on to their account.
As the number is only valid for two minutes after issue it should also help
eliminate the risks posed by phishing emails.
The device has been welcomed by UK payments association APACS, which in
January 2006 announced a UK standard for devices that physically authenticate
cardholder-not-present credit and debit card transactions, online or over the
phone.
APACS spokeswoman Jemma Smith said: “The new scheme by Barclays is a positive
one, and fits in with our proposals.
“Although there are already many security processes for online banking, we
have been talking for some time about an increased layer of authentication in
the card and online arena.
“Barclays' initiative is a step forward,” she added.
Smith also expressed hope that other banks would follow suit as the topic of
security was a “competitive issue and down to each individual bank to put in
place”.
Graham Cluley, a security expert at Sophos, agreed that the move by the bank
was “good news for Barclays' customers”.
However, he warned they should “not get complacent when using the scheme”.
“Just because [a customer] has one of these devices, it doesn’t mean they
should let their guard down and begin to visit websites that are questionable,”
he said.
This is because these “devices do not prevent all identity theft – spyware
can still steal screenshots of what bank customers are doing online, and can
capture account information to use for fraudulent purposes”.
This is a view shared by Raimund Genes, CTO of internet security at Trend
Micro, who advised customers to be “on their guard”.
He also warned that UK banks had “a lot of catching up to do if they wanted
to beat the growing number of online fraud”.
He said: “It was difficult for banks to know how bad phishing fraud could be,
but now it is here they must begin to react and catch up with those in countries
such as Spain and Germany, which have been using two-factor authentications for
a long time now.
“The Middle East is way ahead of the UK and already leading this movement.
Something must be done or identity theft will continue to rise.”
Jemma Smith, however, disagreed: “Online fraud has only been a problem since
2003. Last year the amount of fraud online was £33.5 million, compared to £428m
lost to card fraud.
“By creating this system, Barclays is looking to the future, something that
is always important when fighting online crime,” she said.
Barclays aims to have distributed all the devices to selected customers by
the end of the year, at no extra cost to them. Customers who fall victim to
fraud while using the device will still be covered by the bank.