I have heard a bit about the Silent Banker Trojan, but I have to admit I am somewhat confused how this phone out of band authentication would solve the problem in any way.

From my understanding, the Trojan works by waiting for the user to begin an authenticated session with the bank, then during that session alters the transaction data before sending it to be encrypted and transmitted to the bank. The phone system appears to try to correct for this by taking the authentication away from the computer. However, the actual attack occurs after the user is authenticated.

__________________
The best way to learn anything, is to question everything.