Trend Micro wrong - Sophos better

"Consumer confidence in online transactions and online banking has been waning and better safeguards, such as biometrics or smartcards needs to be considered by other banks,"

Yeah! Thank you for pushing for the technology hype. What about using our brain for 5 secs?

Banking security doesn't need biometrics. Biometrics is for identification only, and in this case it is optional and not sufficient. It is easy to imagine a scheme using biometrics (like most schemes today, actually) that can't even counter phishing or man-in-the-middle attacks.

To counter 99.99% of current and future internet banking attacks, the only thing you need is a strong transaction authorisation scheme. Authorisation means "signature on the transaction *content*", i.e. integrity protection + non-repudiation.

How to do this? Easy! Example: 1 secure device, 1 secure display (for showing the content) and 1 secure input device (for signature). Like a small calculator with cryptographic keys. You enter the amount, you enter the target account, you enter your password, and you receive an authorisation code. The calculator is the token, the password is the authorisation step --> 2-way authentication.

Now, that is *really* secure! And actually very easy to deploy and use (you can take the calculator anywhere with you).

That banks just keep doing it the wrong way is either proof of their ignorance in the matter or of their lack of will to really solve the issue.
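
The scheme described in the comment above, sketched as an added example (not part of the original comment, and not any bank's or vendor's actual protocol). It assumes a symmetric key shared between token and bank, HMAC-SHA256 truncated to 8 digits, and a counter for replay protection; all names and sample values are constructed.

```python
import hashlib
import hmac
import os

DIGITS = 8  # assumed length of the authorisation code shown on the token

def _code(key: bytes, counter: int, amount_cents: int, account: str) -> str:
    # Length-prefix each field so two different transactions never serialise alike.
    fields = [str(counter), str(amount_cents), account]
    msg = b"".join(len(f).to_bytes(2, "big") + f.encode() for f in fields)
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**DIGITS).zfill(DIGITS)

class Token:
    """The 'calculator': holds the key and has its own keypad and display."""
    def __init__(self, key: bytes, password: str):
        self._key, self._salt, self.counter = key, os.urandom(16), 0
        self._pw_hash = self._hash(password)
    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)
    def authorise(self, amount_cents: int, account: str, password: str):
        # The password unlocks the key; the code is bound to the transaction content.
        if not hmac.compare_digest(self._hash(password), self._pw_hash):
            raise PermissionError("wrong password")
        self.counter += 1
        return self.counter, _code(self._key, self.counter, amount_cents, account)

class Bank:
    """Recomputes the code over the transaction it actually received."""
    def __init__(self, key: bytes):
        self._key, self._last = key, 0
    def verify(self, counter: int, amount_cents: int, account: str, code: str) -> bool:
        expected = _code(self._key, counter, amount_cents, account)
        if counter <= self._last or not hmac.compare_digest(expected, code):
            return False  # replayed counter, or content differs from what was signed
        self._last = counter
        return True

def demo():
    key = bytes(range(32))  # constructed sample key
    token, bank = Token(key, "correct horse"), Bank(key)
    ctr, code = token.authorise(12_500, "GB00CONSTRUCTED0001", "correct horse")
    tampered = bank.verify(ctr, 12_500, "GB00CONSTRUCTED9999", code)  # account swapped in transit
    genuine = bank.verify(ctr, 12_500, "GB00CONSTRUCTED0001", code)
    replayed = bank.verify(ctr, 12_500, "GB00CONSTRUCTED0001", code)
    return tampered, genuine, replayed

if __name__ == "__main__":
    print(demo())
```

A code phished or intercepted in transit only authorises the exact amount and account the user typed into the token, which is why the swapped account number is rejected.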
