I've banked with St George for many many years, and they've long been pretty ahead of the pack with technology in Australia. I got a letter the other day indicating that they were bringing in some new "Secure Code" system, which sounded like two factor authentication to me.
Looking at their site, it seems they are indeed bringing in such a system. For risky transactions (and I'm sure they can raise and lower the bar at will) they'll send a code to your mobile or landline phone, which you need to type into the application to complete the transaction.
It's interesting to see financial companies finally getting onto the two factor authentication bandwagon. The point is that you need to present something you know and something you have without massively inconveniencing your customers. The mobile or landline seems to me like a pretty good balance between security and convenience.
I notice that Paypal now uses some kind of security token that looks a lot like the RSA tokens people carry around for VPN access in a lot of companies. I wonder how long it'll be before we're all carrying around a clutch of these things?
Now I'm thinking about implementing an sms-based two factor system on my own server. Wonder if there's any software for doing that?