Since when is authentication UX inside of a game the responsibility of the individual bank? That would be super crappy if every bank had their own auth ux in every digital platform.
Most banks have a 2FA system involved, especially for transactions that fall outside the trend. It's used primarily to combat identity theft. It's no different in the case a kid does it (conceptually, can't speak for legalities).