One thing I'm very surprised is that the banks have not tried something like SMS/phone confirmation for new transactions, at least not the banks in Ireland anyway. The only time they usually call is after several suspicious transactions have already taken place.
For example, if a person places a first time order with a company or does a bank transfer with someone for the first time, the bank would call or send the owner an SMS asking to confirm the transaction. All the person would need to do is reply with 'Yes' to confirm the transaction. If the person does not recognise the transaction or bank transfer, then they immediately know that their account has been compromised. In this case they reply 'no', which in turn prevents this transaction taking place and also alerts the bank that this account has been compromised.
The only way a fraudster would be able to get around this would be if they manage to both get into person's account as well as hack their phone/mobile to be able to confirm their criminal activity.