"It does not matter if someone cracks an encrypted SSL key, because it would take so long and by the time it was cracked the data would be worthless," he said.

"While encryption protects the data in transport, spyware can record passwords and e-mail them to another party. The banks need to look at three-tier authentication that includes a swipe card because you cannot rely on a user name and password."