So, when will the banks be motivated to abandon this feeble system and move on to the online banking system of tomorrow? Will it take a terrorist attack or just a lawsuit? Or will the government step in and impose stronger regulation to protect the individual consumers that represent the "short end" of the "acceptable risk stick"? If we look at how we got from yesterday to today we might be able to guess that perhaps if the consumer asked the right questions we can get there sooner.

The question of where it is that we need to get to has not gone unanswered. It has been out there for years but it means that its no longer immediately "X" cents for an Internet transaction. Companies will need to put up small amounts (tens of dollars, not hundreds) per customer but ROI would still come; it would just take a little longer to reach the break-even point. The FTC (ATM Card) needs to evolve into a smartcard and the encrypted tunnel needs to be extended so it terminates not at the home computer but at the FTC. The FTC then provides access from any computer on the Internet as well as "multi faceted" authentication (a hardware token – the FTC, and a PIN – entered into the FTC).

Under this system, control is returned and the risks faced may be individually addressed as "acceptable" or "unacceptable". We can finally say we have a system that provides some level of "security" because although the system’s security is only as strong as the weakest link still, at least all links have some level of security. Systems which have reached this point can then be said to provide more or less security than each other.