[ben509]

Finance is worse than most industries because financial institutions grow by acquisition. You make money by managing customer assets of some sort, so you're constantly buying up smaller companies, and the main corporation is this frankenstein's monster of smaller companies.

Not only does anything digital has to be transferred over, but often customers have to be persuaded to agree to new terms, which is obviously a long, complicated process.

They also have legal legacy as the government will always grandfather old accounts when the law changes. So the banks may have special accounts that are obsolete but a few customers like the perks, that could live in an old system of their own.

Plus there are various deals they've made over time that might restrict one part of the company from doing some activity, any kind of international stuff is a total mess, it goes on.

All this means they have a ton of duplication and are constantly trying to merge their internal systems, on top of the normal awfulness of any non-tech company trying to do technology.

[JakeTheAndroid]

But, in the same breath, these are the same institutions that have the highest compliance requirements. It seems crazy that when I get these random vendor questionnaires they require such strict password requirements, yet financial institutions aren't included in adhering to these best practices.

[ben509]

They've got lots of compliance requirements, but I don't think they're all that strict.

As a consumer, do shop around for someone who has good security practices, and point non-tech people towards them.

Theoretically, in any fraud you can get all your money back, but if the bank decides it was your fault, you have to take them to court.