I realise this is not a solution that will appeal to everyone...
My bank still sends paper statements. Even if you opt for paperless transactions, the once/year "Form 16" (in Indian taxation; I forget what the US calls the eqvt) is still on paper, and comes to your mailing address.
I'm wondering why they can't print some part (or whole) of the SHA-1 fingerprint as part of the bottom banner so that at least knowledgeable users can verify their online experience very simply.
Maybe it's a stupid idea in todays world to rely on paper, I don't know, but I wouldn't mind having to do so for at least my bank, even if I may not care about my gmail being so protected.