I read this story with interest.  One of the things the financial industry is facing is how to secure Internet-based, high-risk customer and business partner transactions.  While banks have been mandated to provide stronger authentication, what does the bank do about the customer side of things?  How can the bank possibly be responsible for a customer who never patches his or her computer's operating system software (and browser), who doesn't use anti-virus and anti-spyware, and has no personal computer, or who is naive enough to fall for a phishing scam?