Can we start by teaching Noddy level security to banks
1) I can have some confidence that https://halifax.co.uk/ is my bank. Anything like https://halifax-online.co.uk/ requires additional scrutiny, but that is exactly what they have done.
Please can we cancel all banker's bonuses until they fix these basic security disasters. (What I suspect will happen is we will get some tax-payer funded adverts saying that only software with a Microsoft logo is secure, and a law requiring that all software used by the government must have that logo.)