February 17, 2005

The U.K. division of global giant Citibank has introduced an on-screen "keyboard" for its online banking customers in an attempt to foil some types identity theft.

Although customers type their account username into a typical form, their password must be entered by clicking on an on-screen keyboard similar to the one within Windows (from the Start menu, select "Run," enter "osk" and press Enter).

According to Citibank, the change is "to reduce the chance of malicious software attempting to record keystrokes and steal your details."

While phishers may need time to replicate an on-screen keyboard, the move seems aimed at spyware-style key loggers that are dropped on systems (often by phishers) to monitor a machine and send all typed characters to the attacker.

Other types of spyware used by identity thieves, including screen grabbers -- which snap screenshots at designated intervals or when an account access form pops up -- could defeat the idea of on-screen keyboards, however.

An online demonstration of the new technique can be viewed here.