Additional detail from financetech on the NACHA pilot which we noted a few days ago.
NACHA Takes a Page From PayPal's Playbook
The process sends transactions on a round-trip. When consumers at an online retailer, for example, click on the "buy" button, they are redirected via a secure network (courtesy of Sydney-based eWise Systems) to their banks' Web site where they are asked to log in. Logging in will presumably be with the exact same method the banks ask their customers to log in for banking services, relates Herd. The consumer confirms the transaction details at the bank site and then authorizes payment.The as yet unnamed initiative will enlist the help of banks to act as intermediaries for consumers' online transactions: online funds transfers, bill payments and purchases.
Relevance to Bankwatch:
Information update.
Bankwatch 
“When consumers at an online retailer, for example, click on the “buy” button, they are redirected via a secure network (courtesy of Sydney-based eWise Systems) to their banks’ Web site where they are asked to log in. Logging in will presumably be with the exact same method the banks ask their customers to log in for banking services, relates Herd.”
Shouldn’t think there’s going to be much of a problem with phishing there, then.
I would think the key issue of concern here would be security of the connection between the merchant and the bank, and how NACHA implement that. Provided the customer has the option of going directly to their bank by themselves then its sound. If its a link from the merchant to the bank, then that link will be the subject of security scrutiny.
“If its a link from the merchant to the bank, then that link will be the subject of security scrutiny.”
Only if it’s a real merchant.