The mechanism works as follows (I confess it took me a while to work out the subtleties):
- Do not allow clients online access to their accounts
- When challenged, respond with 'It's to ensure the safety of your account information'.
Ingenious - I can't share what I don't have.
I understand their hesitancy about enabling client access - who knows just whether or not this 'Whole Wide Web' thing is going to take off.