Criminals impersonate legitimate users to financial intuitions. That means that any solution can't involve the account holders. That leaves only one reasonable answer: Financial intuitions need to be liable for fraudulent transactions.Link (via Cryptogram)
They need to be liable for sending erroneous information to credit bureaus based on fraudulent transactions. They can't say that the user must keep his password secure or his machine virus-free. They can't require the user to monitor his accounts for fraudulent activity, or his credit reports for fraudulently obtained credit cards.
Those aren't reasonable requirements for most users. The bank must be made responsible, regardless of what the user does.
If you think this won't work, look at credit cards. Credit card companies are liable for all but the first $50 of fraudulent transactions. They're not hurting for business; and they're not drowning in fraud, either. They've developed and fielded an array of security technologies designed to detect and prevent fraudulent transactions. And they've pushed most of the actual costs onto the merchants.