ABN AMRO two factor authentication
I'd like to correct the misconception about the ABN AMRO two factor authentication; the ABN two factor authentication is required at login and
when finally submitting the batch of transactions you have created.
The man in the middle attack worked by piggybacking a rogue transaction as part of the final submission. The bank now suggests to always verify your balance after submitting the transactions; not that a smart MITM could not subvert that check.
When rogue software on your computer interferes with your webbrowser,
the game is basically over except in those cases were there is an additional out of band message, e.g., an SMS detailing all submitted transactions is sent as part of the verification process.