[aylons]

In Brazil, most banks use two-factor authentication in some form for internet transactions.

One of my banks gives me the option to receive the code through SMS, generate it through a phone app or with a dedicated keyring token. This is a option I can make at the time transaction-time.

The other requires me to authenticate each new machine I login from, through an SMS. A bit less secure.

Biometrical authentication is also a thing. The biggest banks already have some form of it (fingerprint or hand palm), and I can even make transactions w/o a card, using only fingerprint and password. Actually, I only carry credit cards nowadays, the bank account card stays at home and use fingerprint to withdraw.