This also underscores why the whole "banking through SMS" is not trustworthy - the telecoms are not banks, and are essentially weak points in the security chain.

The only way to do this properly is certificate-based 2-factor like with Google's Authenticator app.