For a personal experience, I've been using internet banking for a long time. Practices including monitoring, moving amounts and buying using credit cards (Done that dozens of times). Never, I have noticed a single flaw or problem. Never had to discontinue a credit card. However, one incident is that (after many years of usage) the credit card company canceled my card for no announced reason :?. I had to renew and get a new card.
From a technical point a view, here is what comes into mind:
1. Never sign in to your banking account using a public/cafe computer unless you make sure passwords are not saved. That you log out. And cookies expired/deleted after session (usually closing the browser should do it)
2. Always buy from legitimate/prestigious/secure selling sites only.
3. Access your online banking Web site by typing the URL into the address bar or by clicking your personal confirmed bookmark, rather than clicking links you might see in an email or an instant message. Such links could lead to phishing sites that can be malicious.
4. Always check for the browser "lock" icon, but understand that this only means a secure SSL communication channel, not necessarily a legitimate web site. Clicking on the lock will typically show you the Website SSL Certificate, if the website/company/bank is really who it is claiming to be, the Certificate will show that and it will show you which authority is confirming this verification. Such as Verisign.
5. Use a strong password, at least eight characters, with a combination of numbers, letters, and punctuation symbols. Don't use the same password for banking that you use for other online accounts. Change your password periodically.
I have to say that with the recent flaws in MD5 hashing algorithm:
One might start to worry since typical SSL/Certificates use MD5. Still, it's not straight forward to exploit the flaw since it requires a huge amount of cpu power first, then it will require a phishing site or doing a man-in-the-middle attack. Thats as far as I understand it from what security researchers say.
isp cant really do much about it since bank traffic SHOULD be encrypted in some way or another. its mainly just the end user to not give away their passes and the bank to check their website frequently for any hijacking/cracking.