An article relating to this blog post on Finextra:
Security experts warns of man-in-the-browser threat
Security experts are reporting a surge in so-called "man-in-the-browser" attacks where hackers infect PCs with malicious code that is only triggered when a Web user visits an online bank site.
Sorry to say that the only way to really get past the Man in the Middle attack is to use a second secure channel to carry out the authentication and a transaction specific authentication. It has to be used not only for transaction auth, but also for setting
up new payees, for example.
Otherwise the MiM could simply let you input the auth, then bounce you an error message - Please try again in 15 minutes - while he has full access to your account.
There are a number of MiM resistant auth. solutions out there, Authentify was given the nod by HSBC, while Masabi, the secure mobile developers, have one featuring GrIDsure technology, that still has security even if both the PC and handset are compromised!