"PINsentry" is the Barclays version of what in the US are known as "tokens", a technology which has been around for several years and is designed to combat online fraud.

The principle behind it is known as "two-factor authentication", meaning that in order for a bank to be certain that an online banking customer is who they say they are, two criteria must be satisfied.

The customer must know something - usually a login and password, and they must have something - in this case the device and the number it generates when the user's card is inserted.

In the case of a chip-and-pin transaction, both these are satisfied - the customer needing the card and four-digit code. But to raid a bank account online, all a fraudster requires is the login and password. These can be extracted from a trusting customer on a "phishing" website, which attempts to get customers to hand over their details by posing as a genuine bank website.

Devices like the PINsentry get around this problem by requiring that the customer have their card in order to make a transaction online.

When the card is inserted and the PIN entered, the pocket-sized device feeds back a number at random which is then keyed in to the website in order for the bank to confirm the customer's identity.

There are different levels of security. Some tokens do not require the card or PIN, and simply generate a number at random; Barclays' is one of the more rigorous. The idea underlying all tokens, however, is that if the customer can produce that number when the bank's website demands it, they prove they are in possession of the device, and have not obtained the login and password fraudulently.

Computer security experts said the device was "a good first step" in the fight against the current wave of phishing, which has affected Barclays particularly badly.

They warned, though, that tokens did not protect against the next generation of so-called "man in the middle" attacks, where the fraudster logs onto the bank's real website while simultaneously obtaining details from the victim - including the token number - on a phishing site.

"These devices are a major offensive in the war, and will get Barclays onto the high ground, but as soon as the other banks join them, then the bad guys will start training their artillery up there," said Richard Clayton, a researcher in the computing science department at the Unviersity of Cambridge.

Banks are increasingly focusing their security operations on the swift recovery of lost funds, Mr Clayton said, as they realise that fraudsters will always, eventually, be able to circumvent the latest safeguards.

"The challenge for the bad guys is not getting the passwords. It's getting the money out of the system fast enough so that it can't be clawed back. In many ways the changes in PIN technology are a sideshow," he said.

Times Recommends

• Lenders face huge hit on mortgage fraud
• Mortgage rescue fund at the ready
• Zoom airline collapses and halts all flights