In hopes of fighting Internet fraud, some online banking sites make customers use “virtual keypads”–a method of entering passwords on the screen, generally with a mouse. The system is designed to thwart keystroke-logging programs that capture everything a user types. Now those virtual keypads appear just as vulnerable to snoops.