Re: Two factor authentication is a start.
>Except if your computer resides on the same device as your phone
Or indeed, if you run "unified comms" like iMessage, it is unexpectedly no longer two-factor. Malware can make the banking request and receive/process the SMS auth codes without compromising the phone.
Of course, it should be possible to tell iMessage not to sync messages from your bank or messages with some specific text in them, but that puts the onus back on users who rarely realise that there is even an issue.
I suspect a large amount of effort should be directed at OS design, preventing successful attacks even if the users do something stupid, like running Flash or some other randomly downloaded executable. I'm thinking of things like jailed execution of web interfaces, and manifests for executables which may include an "origin https url" which can have certificate and md256sum checks built in. Flags for executables which have the same name as other well-known executables from different domains. Flags for "you're installing program X, but it is trying to mess with something in the directory tree of program Y - are you sure you want to do that?" Clear library separation, so OS utilities can't be infected by application-installed libraries.
I don't think all of these things are exceptionally difficult, nor do they prevent ultimate stupidity, but at the moment OS providers of all stripes (and yes, that includes my favourite FOSS OS as well as the OSes people actually pay money for) are not doing enough.