I don't see why banks bother with third party tracking cookies, why not just parse their own logs? This will even catch people who block the third party cookies.
Those banks which require you to select characters with the mouse instead of typing them only offer very minimal protection... Sure, this will stop traditional keyloggers but you don't even need to detect mouse movements, if you were to hook into the browser you could capture whatever it sends. And don't think SSL will help here, if an attacker has sufficient privileges to run a keylogger on your machine he could also install browser plugins to log traffic before it gets encrypted.
In terms of actual useful protections, i think Natwest have a decent balance... You can log in using your pin and password as usual, and you can send relatively small amounts of money to people you've already sent money to in the past or transfer it between your own accounts... But if you want to pay someone new, or send a large sum of money you have to use a little card reader to validate the transaction.
Although i haven't researched the card reader in detail, and would hope its not based on something similar to rsa where a third party keeps a copy of all the keys.
The details of such systems should be open, but you have a lot of people who are of the mindset that keeping the details hidden will improve security... This is only true when the system is flawed anyway, and no matter how hard you try to hide flaws like that they will be found sooner or later. So i'm very wary of such systems, having not had any decent peer review there are likely many flaws waiting to be found, as shown with rapport there are serious design flaws which were trivially found.
On the other hand systems like SSL and various encryption algorithms are well known, have been reviewed by many competent people and have been found to be pretty strong. I'm much more confident using a system which i know has been in the public eye and had competent people attacking it.