You can't get at the $ but you can get at the individual transaction data. They really should not have third party js on banking and medical sites, especially not for logged in users.
Are you absolutely sure about this (would love a reference)? Letting another party running code removes at least many layers of defence. I would not trust a bank which is doing that it's just a sign of gross incompetence.
I have a hardware token and a chipcard to stop that from happening, still, there may be some way to do it that I'm not aware of. One way I can think of is to display one set of destination details for a transfer to the user and use another for the actual transfer.