
In addition to, and IMO more important than, the technical efforts that banks dedicate to online security, there are the business practices that they dedicate to security. These include tracking and predicting loss, budgeting to cover and recover from those losses, purchasing adequate insurance to cover their risk, detailed record-keeping internally, and detailed communication with their customers.

Let's say your online banking browser session was hijacked and the bad guys transferred $100,000 out of your account. First of all, the bank is likely to flag that transaction for closer review since it is probably a big departure from your usual behavior. Second, they are going to confirm its accuracy with you, at the very least in a printed or emailed statement to you that it occurred. If they are good, they will call to make sure you meant to do it. Third, they are going to keep records of what happened--the IP address that was connected when the transfer was requested, the time of day, where the money was transferred to, etc.

If it becomes clear that the transfer was a theft, then the bank will cover it as loss and you will get your money back. This is why online banking is not security-critical: there are numerous online and offline processes that mitigate the risks associated with online banking.

Now compare to managing your own webserver. The webserver is a dumb machine, not an intelligent counterparty like a bank. If your access to your webserver is hijacked, the webserver will not do a thing to detect, protect, or recover from whatever the bad guys do. Or more specifically, it will do only what you have specifically set it up to do.

By analogy, the lock on the front door of your house is "more important" than the lock on the front door of the police station--because there's no one behind your front door but you, while the police station has dozens of armed and trained officers behind their front door.



