Hacker News
by skylark 3183 days ago
It's a financially motivated decision. Banks have a high percentage of people who are tech illiterate. Many of these people don't use the password reset when they forget their password; they call tech support, which costs banks a lot of money. Banks realized they could reduce this call volume by making their passwords case-insensitive and simply refund people if their accounts get breached.

Most banks also have a mandatory security question, which makes it marginally more difficult to get brute forced.

Source: Used to work at a bank. Would not recommend.