The Belgian consumers organisation Test Aankoop says that banks should stay responsable for all problems with online banking and shouldn't expect from users to be security experts and to keep everything uptodate and to punish them if they get defrauded because their computer wasn't updated.
I agree with that. But there is no fundamental human right to have access to any online service if your computer is insecure and could pose a threat to the service you want to use (or to yourself but that would reflect on the company).
So there is a right for banks and other online service to refuse access to computers that don't have an updated antivirus, security updates or a firewall installed. And banks or other services could decided that to make it easier to secure the connection their users should use pre-installed software or special dedicated lines. They should also be able to set whatever norm they want for the login and authorisation (or whatever combination of authentification methods).
If they are to pay for any damage, they have the right to limit the risk as much as they want.