In order to efficiently fight against identity fraud, banks  will also have to identify.

USB Tokens, Smart Cards, Biometrics... are excellent one-way authentication tools, but as long as the bank is not identified the customers are not protected against phishing, man-in-the-middle & man-in-the-browser.

Authentication of both parties is the answer.

It is probably some sort of deal with the government. Fingerprints might be acceptable to the public but have proved to be of no use in practice, An ill-fated idea bound to fail, ask the folks at Narita Airport. See http://www.japantoday.com/category/national/view/deported-s-korean-woman-passed-through-japans-biometric-immigration-screening

She wasn't the only one and neither was Narita. Do a search and you'll see the issues, dirty fingerprint readers, the disease aspect, the need to have an attendant at the scanner to encourage people to put their finger in, and they just don't work at all for some people, too many. Don't believe the propaganda about fingerprints you see in TV dramas, it's the real world you have to contend with.

I always ask - What is Plan B? Hopefully not the Blank look you'll get from the gadget salesman. Others are already using eye-scanners, but they too have no back-up plan, except buy a whole new system when it becomes too compromised, only they'll have to find something else to scan - see my blog.

What the heck, it's only risk, and since when have banks paid any attention to that anyway, the government will always bail them out from bad decisions.