Why would they give a S%&T
Its simple !! The banks just DON'T CARE!!
As long as they have transferred the responsibility to the customer and they can argue "they are not liable" why should they care, your the one swallowing the cost of a fraud, not them.
Every time your Bank phones you and you challenge their identity they fail authentication, the most basic security check. But they expect nay demand you provide answers to their "security question" to an unauthenticated calling source. TOTAL FAIL.
Biting the hand that feeds IT
