Thanks very much for your detailed reply. I hope that you're right, it's just that I had sort of understood that in the matter of financial operations on computers, all links in the chain were typically encrypted, or supposed to be at any rate. I don't pretend to be an expert on the systems used by banks, but it's easy to see that if there are insecure elements in the chain, any of those elements, if compromised, could lead to a criminal having easier access to the system.
Hopefully this is what has happened and hopefully the systems used by banks in the US and UK are far more secure than those used by the banks in South Africa.
If, for example, I gain access to your computer, then my software would wait in hiding until you connect to your bank's web site and log in, then have my software issue a couple of additional transactions, transferring money to my account. I have no need to decrypt anything to accomplish this, as your PC is momentarily trusted (when you are logged on to the bank's web site) to issue instructions against your bank accounts.
Or, the other possibility if I can gain access to your PC is that I can steal enough information from your Quicken file, say, to enable me to make my own purchases with your credit card.
In neither case did I have to decrypt anything.
Similarly, if I could get some software hidden away in one of the bank's computers that is allowed to issue account transactions, then I could have that software issue transactions against any of the accounts of that bank's customers.
Or, the other possibility if I've cracked the bank's computer is to copy out sufficient account information on many customers to enable me to issue fraudulent funds transfers against their accounts.
What's valuable in any case is not learning the details of any particular legitimate transaction, which is what was usually protected by the encrypted data transmission. What's valuable is being able to issue additional transactions, that direct the theft of money, whether by directly issuing them from a trusted computer such as your PC when you are logged onto a bank site or an actual trusted computer within the bank itself, or by issuing normal credit card charges or funds transfer requests, using previously gleaned account information.
In summary, I (as hypothetical thief) don't care one twit about your transactions (which is what the encryption hides while being transmitted). I want to have either enough access to the right computers or enough information about your bank or credit account to be able to generate my own transactions against your accounts.
Just keep watching the bank's transactions against your various accounts, and object if you see one that you didn't authorize. They will refund your money for fraudulent credit card charges (above a $50 minimum, if I recall) and other fraudulent checking or saving account charges (if the bank is honorable).
I take significantly more care than most people do to avoid being the victim of fraudulent charges, and I still catch one every few months. In some cases, I never did figure out how the crooks managed it, but I've always gotten my money back. Usually it's others in my family who created the exposure, as they are less paranoid and computer savvy than I am, which is to say they are normal people who have to put up with my weird self.
See the latest posts on the thread "Watch out for this online credit card fraud via Fandango.com!!" for the latest way that the bastards tried to get some of my money.
The cure is always the same - quickly identify and protest any unauthorized transactions on any of your credit, checking, savings or investment accounts. And watch your credit reports for signs of identity theft, which can unleash a flood of grief, if not caught quickly.