The HSBC bank has started what it claims is the largest ever roll-out of two-factor authentication technology to UK business customers.

From next month, 180,000 customers will each receive a passcode-generating token to allow them to access the bank’s Business Internet Banking service.

The key-ring tokens generate a 6-digit security code which changes every 30 seconds, and must then be used alongside the customer’s password and user ID to access the site. Because this code is changed so often, the theory goes, it is of no practical use to criminals.

The token system from authentication vendor Vasco has previously been used by the bank in other countries, including the US, Canada, Mexico and Hong Kong, but this is its first appearance in Europe, confirmed HSBC spokesperson Neil Brazil.

The bank will now promote the ability for its customers – mostly SMEs, startups and medium enterprises - to use their accounts from any PC, located anywhere in the world.

The bank had no plans to start using the same system with its retail customers, however.

“The risk profile for business banking is different from retail,” said Brazil.

The bank would, in any case, wait on a token standardisation effort currently being undertaken by UK banking organisation, the association of payment and clearing services (APACS), which was not expected to conclude for some time.

HSBC is bearing the £3-a-token cost itself, and is not charging customers for the extra security. Then again, this is on of the most important and profitable sectors of the banking business, and highly competitive.

“Today’s announcement will enable us to stay one step ahead of the fraudsters. Our experience in other parts of the world shows that this kind of two factor authentication is an extremely useful weapon in the fight against internet crime and we would urge other banks in the UK to seriously consider following our lead,” said HSBC’s head of business banking Simon Wainwright.