"Online Fraud Threats Show Constant Evolution" provides the perfect example of why you can't regulate software security solutions. The criminals adapt (we are dealing with professionals now.

RSA observes that emerging threats, multi-channel fraud and exploitation of unprotected applications are among the latest patterns and trends this year.

Further more this software has become a business, complete with software subscription plans.

Crimeware is also on the rise—apparently so much so that crimeware developers are even offering upgrade packages to buyers in the fraudster underground. When crimeware becomes detectable by anti-virus providers, developers will deliver a new ‘undetectable’ variant at a minimal cost, the report said.

  And our banks response is to implement Wish-It-Was Two-Factor.  Even legitimate Multi factor Authentications is at risk,

A German-speaking hacker crew is looting commercial bank accounts in four countries using a custom-built Trojan put in place by expertly crafted and extremely focused phishing attacks, a security researcher said today.

The malware's most distinguishing feature, said Don Jackson, a senior security researcher at SecureWorks Inc., is its ability to mimic the steps the human account owner would take to move money  Sophisticated Trojan loots business bank accounts

The best thing the Government can do is regulate a mandatory disclosure policy of all exploits.  This should drive the market in the correct direction.