Check out this article http://dwarfurl.com/9de21
that discusses the ineffectiveness of site-authentication images as used by some banking sites like bank of America and country wide. I personally agree, first because I can never remember the image and if every site has its own image then I will not be able to remember all images and will eventually learn to completely ignore it.
On the other hand, I like the idea of a high-level domain for financial institutions e.g. .bank. There is a post about it at http://www.computerworld.com/blogs/node/5464
What do you think about site-authentication images? Does it work?