[nindalf]

The bank could be liable because they’re supposed to authenticate the customer making the transaction. Either they did the authentication and the kid passed it (banks fault for bad auth) or they didn’t do authentication for a better UX and it’s still their fault.

[theRealMe]

Since when is authentication UX inside of a game the responsibility of the individual bank? That would be super crappy if every bank had their own auth ux in every digital platform.

[junon]

Most banks have a 2FA system involved, especially for transactions that fall outside the trend. It's used primarily to combat identity theft. It's no different in the case a kid does it (conceptually, can't speak for legalities).

[nindalf]

3DSecure? Ultimately the bank takes the call on whether to authenticate a 3DS transaction.