More recently, the Bank of New Zealand was forced to suspend Internet banking services for several hours after phishers attempted to steal customer log-ins and passwords by directing them to a spoofed Web site that was an exact replica of the bank's site, according to a statement from the bank.

Stronger authentication by itself is of little value in protecting users in such cases, according to Penn.

"It's not just about the authentication," he said. "If all of a sudden I change my address and then request a replacement credit card, that should raise a lot of red flags -- and it has nothing to do with authentication."

Real-time transaction monitoring and account behavior modeling techniques have been used for years to combat fraud in the credit card industry, said Ted Crooks, vice president of global fraud solutions at Fair Isaac Corp. in Minneapolis.

Fair Isaac's Falcon fraud management technology has been widely used by credit card issuers since the early 1990s to detect and prevent fraud. At a high level, the technology works by monitoring transactions and account activity in real time, looking for and flagging any behavior that deviates from the norm, Crooks said.