The new HSBC Malta website is not your average redesign, Banking Unwired said last week.

It also introduced a new security procedure with a new login device that you carry with you. If you’ve logged in remotely to most corporate networks, you’re already familiar with the drill. To login, you not only need your regular credentials but the random number generated by your personal security device.

Although the technology is not new, it is relatively new for consumer banking. With fraud and phishing attacks on the rise, and a seemingly endless array of creative hackers out there, banks are beginning to look long and hard at this option.

Bank of America recently announced SafePass, its first, albeit limited, foray into two-factor authentication. Like HSBC’s approach, SafePass sends a one-time password to a customer’s mobile phone or ‘wallet-sized card’ to authenticate users. This adds an extra layer of protection by requiring a physical “out of band” piece of information that is virtually unknowable by a hacker.

Donald Canning of Microsoft taking a look at the future of out-of-band security says: “Out-of-band security and validation dramatically decreases on-line fraud by ensuring the rightful user is controlling the credentials used to access payment type services. This closed loop process validates that users are who they say they are.

“If trust is the backbone of on-line banking, convenience is its driving force. Given this trade-off, it will be interesting to see how fast out-of-band authentication takes off. HSBC has chosen to be aggressive and made it a requirement for all its customers, while Bank of America has chosen to make it an optional method for high-valued transactions.”