You didn't pay for that
Security, that is.
The fact is that people take a lot for granted. For example, that a subsistence wage call center worker in India or the Philippines is going to be able to handle a social engineering attack with the sophistication of a security analyst who has been doing the work for a decade and has an income in the mid six figures.
Last I checked PayPal doesn't charge any kind of fee to maintain a personal account with them the way most banks in the US do. Even at that, the people answering the phones at those US banks are also all low wage employees who don't enjoy the health benefits, stock options and year-end bonuses that the executives running things get. They might be called "associates", but they're really just checkout clerks.
Bottom line is that until the people on the front lines of financial institutions, online or brick-and-mortar, start getting paid commensurate with the impact their actions can have on the customer's privacy and security, nothing is going to change.
Simply forcing them to watch several more hours of instructional videos won't do the trick..
Biting the hand that feeds IT
