The only reason the banks use these systems to begin with is the FFIEC guidance. These "improvements" were not voluntarily put in place by forward thinking bankers, they had to because their regulators told them to. So it is all about the cost of the system. Before anyone says Chase/HSBC makes X billion dollars profit keep in mind that these regulations also apply to smaller community banks with 5 Billion in holdings.
Keep this in mind when you assess any of these systems; the authentication systems are not put in place to manage customer risk, they are put into place to manage regulatory risk.
Keep this in mind when you assess any of these systems; the authentication systems are not put in place to manage customer risk, they are put into place to manage regulatory risk.