The USA Federal Financial Institutions Examination Council (FFIEC) has issued a guidance note, “Authentication in an Internet Banking Environment.”

US bank regulators will require banks to strengthen security for Internet customers through authentication that goes beyond typing in user names and passwords, which have become too easy
for criminals to obtain.

Bank Web sites are expected to adopt some form of "two-factor" authentication by the end of 2006, the Federal Financial Institutions Examination Council said in the guidance note.

In two-factor authentication, customers must confirm their identities not only through a PIN but also with something they physically have, like an electronic hardware token with numeric access codes that change every minute.

Australian banks have already started offering tokens for business customers.

UPDATE; 21 October: The US Federal Reserve has sent a letter to US banks telling them that they have until the end of 2006 to conform to the FFIEC guidelines.