Seems like it would be easy to accidentally press the checkmark instead of the x.
notbored12 2 years ago
I guess John Smith never learns...
Wouldn't this be dependent on the user? If the user is lazy and confirms without reading properly, won't this defeat the purpose?
ZephyrChronicles 2 years ago
Nooooo, it shows up to the user that he is paying correctly but the hacker changes the destination
furiousaaron 2 years ago
And how hard can it be to insert a man-in-the-middle device driver that emulates this device and makes it even easier for fraud (if a lot of banks use this) by emulating both channels to the device(s) (both the ZTIC and the bank). I'd say this LOWERS the chance of getting hit by fraudulent individuals, since they have easy targets.
grajsor 3 years ago
The "bad guys" don't gain anything by inserting a MITM device driver as long as the ZTIC controls access to the "real secrets" (crypto keys, smart card, PIN, e.g.) and operates on them only after displaying to the user the data to be exchanged with the server: The user would see the MITM operations (and cancel the operation) and the server would not accept changes by the MITM software --assuming we trust TLS/SSL to be a secure protocol :-)
mibZurich 3 years ago
Based on the video diagram, the ZTIC has its own connection (I guess over the cell network) to the bank, so whatever is displayed is sent to the bank without going back to the PC; otherwise, indeed, it would defeat the purpose.
tenofzero 2 years ago
Hmmm, what if a virus/malware programmer creates a virus/malware for that stick? So when the user stops the USB, the virus/malware copies itself to the stick and the stick is containing a virus? Then the stick is a bad idea?
KurdoFighter 3 years ago
If it were possible to load software onto the ZTIC, then you would be right. However, it's been designed so that this should be _very_ hard (I'd say "impossible", but you never know :-) ). It'll be much harder than with PCs anyway :-)
mibZurich 3 years ago
Yeah, but still, Blu-ray was said to be "unbreakable", but today I saw some news that they have cracked it. So it is just a matter of time until this stick is cracked too, and then the virus creators will just proceed. In my opinion this solution sucks. But it is better than what I would have thought of, ofc. ;)
KurdoFighter 3 years ago
The ZTIC (or Zone Trusted Information Channel) is a dongle that allows for secure banking, even on a very infected machine. The way it works is that it opens an SSL connection with your bank's servers, keeping data safe on its side (with no internal storage of its own). It doesn't have internal storage, making what you say could happen impossible.
graydiggy 2 years ago
bravo
bosna737 3 years ago
This can be used in any country, and different banks????
bins2008 3 years ago
In principle and technically, yes. For security reasons, ZTIC needs to be configured to support specific banks, though (it only connects to configured servers).
mibZurich 3 years ago
awesome
ILikePizzaTh 3 years ago