"We're underestimating Jesse James here," Kellerman tells CBS News correspondent Thalia Assuras.
A widely respected cyber-security expert, formerly with the World Bank, Kellerman says organized criminals — even terrorists — are hijacking the Internet.
"They're taking screen shots of what you type in as your password and sending this back to organized criminals," Kellerman says.
Security experts estimate that one in three computers worldwide is infected with some version of software that steals personal identification numbers (PINs), passwords and personal data — and delivers it all to online crooks.
"The concerns we have is that there be more of these attacks," says Tony Chew, director of technology risk supervision for the Monetary Authority of Singapore.
Chew regulates online security for Singapore, which three years ago declared that PINs and passwords were not enough to protect online banking — and ordered banks to adopt another layer of protection.
It's called two-factor authentication — simply proving who you are in more than one way. How? By using something you "know" — like a PIN — along with something you "are" — say, your thumbprint — or something you "have," like a token, a keychain device that spins ID numbers several times a minute to match similarly timed numbers in your bank's database.
The token (something you have) and a PIN (something you know) will access your account.
"We tend to be proactive, and we want to maintain and enhance confidence in our banking system," Chew says.
In Japan, it's the unique pattern of palm veins (something you are) combined with a PIN (something you know) that grants access to ATMs.
"That makes it very difficult for someone to copy," says Scott Ikeda of Fujitsu Ltd.
For now, though, U.S. banks are resisting dual-factor authentication as too expensive and too confusing to the customer.
"The ironic part is many of these banks have actually done this for their European and Asian consumers because of regulation," Kellerman says, adding, "Maybe we should emigrate."
Some U.S. bankers call Kellerman "Chicken Little." But he's not alone in thinking the Internet sky really is in danger of falling.