As a european I again find it crazy what kinds of insecure stuff the banking industry in the US does. Chip+PIN arrived long after they did here, SMS Tan is still a thing while EU Payment Services Directive 2 (PSD2) forbid this in 2018, 7 years ago.
Many transactions are still authenticated via signatures on paper cheques, you can use your credit card without a second factor (also regulated by PSD2).
I just can't understand why they continue doing this, when I'd assume fixing this would cost less than what fraud must be costing them today.
In the case of credit card payments this is true, but for checks and other P2P payments, there is no merchant to pass on costs to.
For these, it's usually the banks absorbing the losses themselves (or their customers, if they aren't legally required to, but in many cases they are).
Check fraud is a relatively small percentage of all fraud.
It's also pretty much a solved problem, it's expensive to cash a check anywhere but into a checking account in your name. If you write too many bad checks or try to deposit them you'll get banned from... the entire banking sector.
Yeah – because the US, until recently, didn't have push P2P payments via banks. The only thing you used to be able to do in your online banking was checking your account balance or maybe initiating wires (which are so expensive that manual review is probably not an issue).
Zelle is changing that and is, expectedly, running into a wall of fraud since banks don't have the authentication infrastructure/know-how to actually support it.
