Online banking services have become one of the most important applications on the Internet, being provided by most of the banks all over the world. The end-user can manage the accounts or make some payments without being forced to go to the physical bank office. That's why security concerns regarding authentication have to be taken into the account and the bank should provide various and combined methods for login, in order to increase the confidence in their services. In other words, the bank should provide a multi-factor authentication. This paper will present a model for user enrollment and authentication, using three basic methods, based on: what user knows (a username), what user has (a digipass) and an intrinsic characteristic of the user, e.g. a fingerprint. Combining these three characteristics will lead to a great security improvement in authentication or order signing. Classical methods are based only on the first two characteristics (what user knows and has), without the most habitual one, that cannot be lost or stolen: an intrinsic characteristic of the user, like a fingerprint or an iris. This paper will also present an application developed during our researches, for user enrollment that can be used in the bank-side environment.