There are a number of issues with their solution..
I have worked on next generation ebanking for Swiss private banks, and part of what I did was evaluate the market for authentication and authorization devices.
The starting principle is not to expect a client computer to be secure, nor their environment. This means you will need a solution that is observation proof (most solutions have a fixed PIN as first 4 digits of your response), does not depend on the security of the client computer (fairly logical IMHO, keyboard loggers, mad-in-the-browser and man-in-the-middle risks) and is ideally out of band so a hack of the network between bank and client isn't going to be an issue.
A portable solution would be nice too, preferably not depending on OS for install or security (install free is best). Add to that a desire to still have a usable solution that doesn't require a rocket scientist to operate it and the number of remaining solutions becomes very low indeed.
Now, a smart card based solution suffers from OS and install dependency, and a dependency on the system being secure. It also is easy to abuse via targeted theft (I looked at high value transactions where this is a risk), and is not observation proof nor terribly portable. It is, however, still safer than the RS token which only proves that someone has it and its PIN - no challenge response cycle possible..
Anyway, just a few details. It's an interesting field as much is presently changing.