Zeus-style malware now beats out password phishing for the dubious honor of "the greatest threat to online banking today."

That's according to a new survey of more than 70 financial institutions from PhoneFactor, an Overland Park, Kan., provider of phone-based multi-factor authentication.

The survey also found that while banks and credit unions are aware of the threat, they're not always fully educated on what to do to protect their customers and members, PhoneFactor said.

The survey, conducted in November, found that real-time attacks from banking Trojans such as Zeus and Clampi variants were seen as the greatest threat to online banking by 51% of the respondents, compared to 24% who cited phishing and pharming attacks, the company said.

Both were frequent, however, with 69% of the respondents saying they had seen an increase in Trojan attacks over the past and 55% saying they had seen an increase in phishing forays.

The survey also found that only 37% of the respondents correctly understood that current security measures such as one-time passcodes don't protect against man-in-the-middle attacks like Zeus and Clampi.

PhoneFactor said 79% of those who do recognize that threat plan to use such methods as out-of-band phone calls, transaction verification and biometrics to protect online banking channels.