Sure, testing can be used as a tool. Security testing should go a long way to preventing cyber crime. However! In the case of a bank, software testing should not be the tool used to prevent cyber crimes. In the case where identity theft and/or financial information, including credit card information, is at risk, there should be monthly, in-depth security audits by third-party security experts tasked with finding possible security holes in your application. Make no mistake, SQA are not hackers. We might know some things about how hackers may try to exploit a site. We may even know how to hack or exploit sites ourselves, but it's not our primary job function and, as such, I would trust that to a security expert, not a tester.