The topic is online banking authentication so your points are mostly off topic.
- It could easily be configured for use with email, ssh, imap, ldap, radius, etc.
- The amount of digits required from the user is configurable to any amount; it is a rolling password, so while the demo requires 4 it could be 20. The same goes for the amount of transaction information encoded into challenges.
Even though it's off topic, I'll bite.
- I don't buy the argument that your phone screen is more personal than any other screen. If ninjas are in your house / office taking secret snapshots, then the same kind of photographic attack or other cloning / switching of devices etc. could be done against almost any device / terminal display / set of keys, and you have bigger problems; that proximity attack argument could go on forever, ending in a rubber hose. For what it's worth, the visual key patterns can be obfuscated with transflective laminates etc. very cheaply, or for a few bucks extra could be electrochromic like any device, but the cost justification just isn't there when a piece of plastic only costs a few cents and it is designed for online authentication. Personal attacks are beyond the scope, and frankly, with the developments in remote electronic scanning, I feel more secure about these non-electronic cards than my RFID cards.
For online authentication it solves the MITM attack problem and does it extremely cheaply.