Your system (Cogneto Unomi) is a step in the right direction; congratulations. But it has a couple of characteristics you can improve, IMHO:

FIRST: To fight phishing, the very *first* step in mutual authentication is Bank/company authentication, not user authentication.

Explanation: in the demo, the user answers / clicks BEFORE he/she knows it is the REAL website and not a FAKE website. So he/she is at risk giving out the secret information.

A phisher has no problems to ask for password, then a sequence of clicks, your SSN, mother maiden name, and so on.

SECOND: To fight phishing, the real website must be dificult to be REPLICATED by a phisher fake website.

Explanation: Given the current personalization is based on pre-selected scenarios (restaurant, etc) the phisher can replicate the scenarios, colors, food, pieces, etc and track all user clicks.

I suggest, at least, to INCLUDE at the beginning (after password), one personal QUESTION selected / written / specified by the user herself, in the enrollment phase. For example,

My QUESTION: Why did you repeat 4th course of school?
My ANSWER: Due to fracture

USER: "I dont see My QUESTION; it's a FAKE website"

And these ideas, can be improved further by your company. Congratulations again!