Multi-factor authentication (MFA) gets its name because there are multiple methods of authentication, to further reduce the risk of fraudulent attacks, both remote hacking attempts and local phone theft. The second factor of authentication that we are adding to mobile further reduces the risk of remote fraudulent attacks, because the phone is "something you have" and the login has to be verified with the specific phone that is tied to your account with the phone in your hand at time of login. If a phone is stolen and the thief attempts to log in, then the attack is no longer remote. At this point the thief still must initially get past the username and password. The "something you know" factor (member ID and password through the app) is one channel of communication and authentication, while the "something you have" factor (pass code through SMS or Voice) is another channel of communication and authentication. Thus, multiple channels mitigate the risk of malicious remote and local attacks. Additionally, remember, you can use a different phone number than your mobile phone number if you choose. Hence, you could enter your landline or office number to authenticate your mobile device to further reduce risk. Finally, if you do have your phone stolen, the best defense will always be to call your carrier and have it deactivated and its data remotely wiped, just as you do today, as there is more data on a phone that you will want to protect than one particular banking app (such as contacts and email, for example). Additionally, you can also utilize other iPhone and Android native app capabilities of remotely locking or wiping the phone.