Online banking is under attack, with users increasingly being bombarded by criminals attempting to gain access to their accounts to con them out of their money.

Consumer confidence has taken a knock, and if the banks want to continue to steer customers online, action must be taken before users' trust is eroded even further.

There have been various suggestions about how to tackle the problem.

Banking industry body the Association for Payment Clearing Services (Apacs) is busy finalising a standard that will allow banks to provide a physical means of making online transactions secure - so called two-factor authentication.

But not everyone agrees. In an exclusive interview with Computing, Egg chief information officer Gary Price talks about the issue of maintaining trust with customers and the future of online banking.

Computing reported recently that some high-street banks plan to provide two-factor authentication to some of their customers in the near future. What is Egg doing to ensure that its customers are safe online?

We're continually looking at where we go next with our security model to make it more secure for customers.

Apacs' way to solve it is to have a token, a physical thing you have to carry around with you. We don't completely agree with this, for two reasons. One, it doesn't actually solve the problems we're trying to address. If you list the problems you're trying to deal with, it's predominantly phishing and various other things such as domain spoofing and so on.

But when you dig into the problems that you're trying to resolve, what you find is that two-factor authentication addresses some of them, but it doesn't address all of them - and it was originally positioned as a panacea.

The second thing is that while the technology is more secure, it also makes online banking unusable. For customers, it's a balance between security and ease of use. Banks can choose to make it really, really secure, but no one would ever use it. We hold that customers value the ability to use it easily.

So our view is that the current proposal is an inappropriate solution for the problem. And this is before you get into the cost side of things, which in the end increases the cost of banking and therefore increases the cost to customers. But when you take that away as a solution, most banks don't know where to go.

So what is the alternative?

Where we see the world going, when you look at the evolution of desktops and smart clients and so on, is an environment where the client dominates.

So the question becomes one of looking at what client-side security you would apply and what we'd integrate with, rather than doing all that stuff at our end. Our thought process is very different from the other banks.

Are you talking about the various technologies that Microsoft hopes to bring to market with its next major operating system release, Longhorn?

Don't limit it to Microsoft. Just think generally about what's happening with consumers over the next two or three years: you have an extraordinarily powerful computer on your desk; you have an enormously wide broadband network; and you have a degree of emerging capability on the desktop that makes use of both those things.

This is what Longhorn is about, and what Apple's Tiger operating system is about, and so on. What they all do is exploit the power of the desktop to make the experience of using it very rich and visual.

If you then design services, as we intend to do, that exploit that as well, then you're using the power of the customer's PC. Your security model needs to reflect that, rather than the current web site model. We don't know what that means yet, in terms of how to address this new model, but we do know that it's fundamentally different.

So, rather than asking how to solve today's problem, we're looking at where technology is going for consumers over the next two to three years and how to really harness that power. With all that power available, I think there has to be a way of fundamentally changing the security model that makes online banking more secure. That's where we're spending a lot of our time as well.

I suspect that's not the way the other financial services companies are thinking. If we can crack that, then you can come in and use our features and take advantage of our security. You only need to believe that Egg is secure.

But there's a big gap between now and when something such as Longhorn is going to be widely installed on PCs - what do people do in the interim?

We don't ignore the current issues. We have all the usual things you'd expect in terms of how we deal with phishing and spam and all that. We don't hold that the current approach of authentication between banks and customers is broken; we just think that it has a finite lifespan. If it was broken, then we would be shut.

Is there not an issue of perception here, though? If banks are seen to be rolling out additional layers of security, will consumers be reassured by that anyway?

It's a bit like chip-and-PIN. If you're a customer, you'd have spent several years hearing that the approach to solving fraud is to have chip-and-PIN. It then starts to roll out, and the first set of measures that come out show that fraud has gone up.

Now, fraud has gone up because we sent all the cards out and they were intercepted and used. For a customer, how do you rate this? You don't see the detail about why, that gets lost.

Also, on a lower level, standing in a shop and typing in your PIN doesn't necessarily make you feel more secure with people in the queue watching you. A lot of security is about perception.

Because we give our customers a guarantee that their money is protected, we hope this helps convince them about how safe we are. And if something does happen, just talk to us.

What other new things is Egg working on at the moment?

The thing that's probably most interesting is that we're trying to take some steps now that makes the experience for customers richer. We have plans to improve our Money Manager tool, so that it's a richer and more complete experience.

We're building a number of tools that take data from customers and then plays it back to them in a very graphical way, so they get a picture of their financial position and the actions they need to take to achieve what they want to achieve. For instance, we have a tool that can show customers very easily how much they could save by doing certain things, such as changing accounts around or so on.

We're making information available to customers in a way they can use and understand.

And we know we're saving our customers money through this, and we have things in the pipeline that will extend that.

We're using tools such as Macromedia Flash to give customers that experience, and using the benefit of broadband, to give a very simple version of where we see it going in the future with smart clients.