kaled - 5:02 pm on Feb 13, 2008 (gmt 0)
There seems to be some confusion here (or maybe it's just me). There are two issues.
As Joe Public, we can't do much about issue 2 but there is a possible (and definitive) solution to issue 1 - use a boot CD with browser for all financial actions. A pain in the *** but when one bank goes down this route, the rest will follow. In the meantime, we can create our own - I've already started researching this.
Of course, if the banks provide clean boot CDs, they can burn the IP address of their server onto the CD directly so that would also mitigate the potential of bad servers to get in the way. With custom encryption, that would bolt the door pretty darn tight.
Although this would be a nuisance, the sooner the banks go down this route the better because it will remove the motivation behind most of the hacking and virus writing that goes on.