Xbox has all of microsoft behind it, and they linked xbox accounts with microsoft accounts many years ago, allowing them to leverage all the security tools they’re making for themselves and corporate customers of Azure/Entra. They also effectively have infinite money.
Banks, surprisingly, do not. They also are often using third party systems under the hood for things like online access to your account. Those third parties tend to have less money than a bank.
Laws can’t keep up with tech developments in security, and getting all your ducks in a row to be legally covered in the finance industry is a fucking nightmare.
Lastly, banks (and companies) don’t stay afloat by spending money on things that aren’t necessary. Until it shows a significant impact through a breach or in customers leaving specifically for the reason of lackluster MFA options, and until that impact is easily communicated to the executives, trying to fight for some budget to improve shit is an uphill battle.
I am so so glad that the closest my work gets to customers, legal, or anything regulatory is data rentention policies.
Xbox has all of microsoft behind it, and they linked xbox accounts with microsoft accounts many years ago, allowing them to leverage all the security tools they’re making for themselves and corporate customers of Azure/Entra. They also effectively have infinite money.
Banks, surprisingly, do not. They also are often using third party systems under the hood for things like online access to your account. Those third parties tend to have less money than a bank.
Laws can’t keep up with tech developments in security, and getting all your ducks in a row to be legally covered in the finance industry is a fucking nightmare.
Lastly, banks (and companies) don’t stay afloat by spending money on things that aren’t necessary. Until it shows a significant impact through a breach or in customers leaving specifically for the reason of lackluster MFA options, and until that impact is easily communicated to the executives, trying to fight for some budget to improve shit is an uphill battle.
I am so so glad that the closest my work gets to customers, legal, or anything regulatory is data rentention policies.