I worry about the perception created by HSBC and Abbey. Its assumed that two factor and tokens are synonymous.
The notion that HSBC and Abbey will become front-line targets for the fraudsters is supported by evidence presented in this paper, ‘Closing the phishing hole’, by Ross Anderson, professor of security engineering at Cambridge University.
Two factor requires that there is a second level of authentication, beyond, username and password. For sure I know Abbey have deployed Passmark- HSBC I am guessing, have, or something similar. Passmark uses the forensics of the customers computer as the 2nd factor. It works like a fingerprint, and is strong enough to be certain in identifying the customer. The bad guys know this.
On the other hand the technology exists to get past tokens.
My take – HSBC and Abbey National have made the right bet between customer inconvenience and bank risk.
Bankwatch 
It seems we may not be looking at authentication correctly. If you had 4 factor authentication as a maximum security level why wouldn’t you then detail lower levels of authentication for lower levels of risk? Some people have a series of locks on their door fronts based on what they perceive as a risk.
I agree Gene, and ideally the security, and with it the ‘inconvenience factor” would only be required at the higher levels of need.
My only point was in direct comparison of two factor, between PassMark approach vs token style. My reading of the situation is that token is not stronger because of the potential for man in the middle attack.
Well I think no matter how you look at it two factor authentication is the best security there is right now and it’s only going to get better and become more popular with time. Of course if we sit around and dissect everything about we and those who would do harm will find kinks in the armor but we should focus more on the positive aspects of this kind of security.
two factor authentication has long been misunderstood. Not only do most people not look at it correctly, but many others, especially those new to the technology expect far to much from it. TFA also has its many attractors who bash it for having been cracked. What successful technology out there hasn’t been compromised? I think the misunderstanding will fade however as the technology continues to prove itself and more businesses adopts it.