[samtho]

I’ve worked in financial-adjacent industries and this is a very cynical view. Most banks use contractors that specialize in banking who rip off features of the big banks and up sell them on all these “features” such as preventing copy/pasting into a confirm account number field. This type of thing looks good on a proposal, execs eat this shit up because it looks like they are choosing secure products and using “tried and true” methodologies even though it’s a simple JavaScript barrier that does nothing practical. Financial institutions play everything safe because they themselves do not want to get fined and as a result, they end up all ripped each other off. My best bet is that some genius copy/paste savvy CSO/CTO thought this was a good idea and everyone else started copying it.