There are ways to mitigate the risk
If it can do a depth map like Face ID does, or if it is live asking you to do something rather than just a live shot of your face that could be clipped from social media.
There will still be risk, sure, but online transactions by their nature will always have an element of risk. Even in person transactions carry some risk since these days the "bank where people know you personally" is less and less common. They show up at a different branch than the one closest to you with your bank card and fake ID that's sold off eBay for $50 they're getting your money 9 times out of 10.
While I personally wouldn't use it, they should be required by law to support some type of hardware 2FA device for those who have really high value transactions or are simply paranoid. For me I'd be satisfied with Face ID on my phone to verify me, because the bar of "they have to steal my phone and fake out Face ID" is high enough for me to feel comfortable.
If I was so wealthy that I thought I might be personally targeted by criminals to steal my phone as above I might want to raise the bar, but at some point the "grab me and threaten to hit me over the head with a $5 hammer" scenario becomes the weak point in one's banking security.