I wrote (emailed) my credit card company, outlining for them the security holes they have on their website login. It's ridiculous that a supposed "premier" financial institution has such weak security for their website.
I ended the email with "I'm not comfortable using your website until you rectify these security concerns."
I got a response. I should say I got a link to a response. The email reply told me to log into the message center on the website to read their reply.