That’s a worse framing than above. It doesn’t matter if it’s a cost or a profit center. It’s part of a trade off.
You could achieve a perfectly secure system, if and only if you make that system do exactly nothing. If you want to achieve any other outcome you will have to trade some measure of security for the ability to do anything. Or as Matt Levine so aptly put it: the optimal amount of fraud is non-zero
