I’m actually kind of surprised no one has screwed with them by locking out a ton of people. They lock you out of your account and make you call customer service if someone enters the wrong password a few times in a row. Someone could write a script to try random bank card numbers and just put in garbage passwords when they hit a valid one. Do that with a botnet and customer service would be overwhelmed.
I suspect you’re right about why they don’t bother with proper security. Banks in Canada are huge. They don’t need to care.
