This could be a one-time password (OTP) token, a small device that generates a different password you must enter for every online payment or login. Or it could be a smart card-a mini computer inside your bankcard with special security software. You connect the smart card to your PC with a small USB reader as an additional security measure when you pay online or login to your bank account.
Bankers call this "two-factor" authentication-something you know, the PIN, and something you have, the card or token. This is similar to when you make an ATM withdrawal, which requires both a card and a PIN code. Keep in mind, though, that a smart card has much more advanced security than the magnetic stripe on a standard ATM card.
Two-factor authentication makes online payment and online banking much more secure. For example, a leading U.K. bank, Barclays, has stated their customers that use EMV-compliant chip and PIN cards with handheld readers for logins have had zero online fraud. However, smart bankcards, like those used in Canada, Latin America, Europe and Japan are not yet available in the United States.
For more tips on how to pay safely online see, "How do I know if it is safe to enter my credit card information when I am shopping online?"