Unfortunately, that sort of static information frequently is targeted for phishing. The bank can keep telling people that they will never ask for all the codes at once, but some subset of customers will happily comply with such a request in a badly written email.
Mind you, dynamic 2FA frequently only narrows the time window in which phishing is effective. Even with transaction-based 2FA, you'd need people to actually read the text message the bank sends them with the transaction authorisation code.
Mind you, dynamic 2FA frequently only narrows the time window in which phishing is effective. Even with transaction-based 2FA, you'd need people to actually read the text message the bank sends them with the transaction authorisation code.