I'd agree there - step 1 is to avoid doing things like banking on a work network.

I'd also agree that it should be rather difficult to intercept PINs and passwords with anything other than a keylogger. Heck, the latest (non-viral) keylogger I used actually doesn't log passwords. I watched someone log on, got their username but not the password. I presume it doesn't log any field marked as password.