@AC
> amazing is that there are still banks that do not have some kind of one time
> password system
Yeah. I agree. My primary bank uses a unique system that requires one to have a registered cellphone number (or a SMS-enabled landline phone) with them, and each time a transaction is carried out online an SMS (text message for the stateside folks) with a 6-digit code is sent to the registered phone, and the transaction will refuse to proceed until the code is entered into the page. This method has two advantages:
1. Stall the thief as he tries to brute force through your account as he'll never get the code (certain exceptions apply i.e. he has somehow managed to pull off some sort of suave social engineering with the bank to change the SMS phone number), and
2. It alerts you when someone is accessing your account and is trying to do stupid things with it.
I was surprised that such feature wasn't available on another bank account I opened when I switched jobs last year (had to, the job refuses bank money straight into my primary account).