Financial institutions should strive to provide customers with a consistent, secure process of authentication that minimizes potential avenues of attack. Understanding the types of attacks that can occur is a requirement for deciding what authentication mechanisms are needed. The vast majority of attacks are Man-in-the-middle (MITM) attacks. Time-bound, one-time passcodes thwart keystroke loggers, as they would be used or expired before the attacker gets them. Only strong mutual authentication can stop MITM attacks.”]
Source: https://www.cuinfosecurity.com/reducing-online-banking-fraud-stronger-authentication-methods-a-332