Banks!!

[nzoomed]

We're with TSB who in the last year have adopted 2 factor authentication for significant transactions including payment to a new recipient. Only a text sent with a code number which needs to be entered for the the transaction to be completed. Pretty standard stuff these days. Functionality for some third party stuff such as Mastercard is a bit basic but TSB are gradually improving on this front. And the bonus is that access to a real human is usually prompt, friendly and easy.

We have a strict regime of not using our smartphones for financial dealings. I don't have enough faith in phone security to enter bank details into them so all banking or online payments are done via laptop or IPad whose security protocols are kept strong and well updated. Phones are just for comm's as far as we're concerned.

The phones themselves are safe enough, the biggest security risk is the user behind it. I would argue that a PC is more unsafe and its so common for people to save their banking passwords in their browser that anyone could jump on and gain access.
Seen far too many people let scammers into their own computer and empty their bank accounts its just ridiculous.
Banks are now having to try their best to protect their customers from their own stupidity.
There is only so much they can do, but when someone is stupid enough to send money to a voice on the phone and/or let them take remote control of their computer then there is little to protect them other than educate them or at least put some sort of hold on large transactions where the bank needs to verify.