The thieves are, rather predictably, getting smarter too. They’ve now successfully attacked several "token" (two factor authentication, 2FA) schemes. This is why we need end-to-end 2FA (ie, PKI-based 2FA) because until all of the messages between you and your bank (or the government, or anyone else) are encrypted and signed, the fraudsters can intercept the confidential details and exploit them.
Not going down this route leaves banks and their customers vulnerable to attack (as it will should PayPal, for example, decide to go the same way). On the other hand, it is going to cost issuers more money, hence something will eventually get done. Look at the recent example from ABN Amro where the bank had to compensate victims of just such an attack. Four ABN Amro customers activated a virus allowing a man-in-the-middle attack that overcame the bank’s two-factor authentication. After the attack, ABN Amro removed an ‘urgent payment’ option from its Web site as a precaution, compensated the customers and launched a campaign to remind users about internet banking safety. The bank says that its customers opened an email attachment that resulted in a virus being executed on their machines, which is undoubtedly true. The virus re-directed the customers’ web browsers away from the real ABN and to the a fake ABN site run by fraudsters. The customers then typed in their passwords, which the fraudsters then used to access the bank’s real web site. The customer’s own transactions were passed along to the real site, so they didn’t notice anything wrong right away, while the attacker simultaneously made their own fraudelent transactions using the bank’s "urgent payment" feature. You’ve got to admit it’s clever, but the truth is until there’s end-to-end security from the bank’s hardware security module to the customer’s smart card (whether in a mobile phone or not) then this sort of attack is inevitable.
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]