I work on the CMS side of banking, where promotions and current rates are posted regularly. All actual banking is done through a first-party link to external systems. The amount of scrutiny and regular application scanning for vulnerabilities that is done on the CMS software I've built drives me insane, considering the glaring holes in security that affect their systems that actually deal with money. I take security seriously, and it's one of the main selling points of the software I build, but knowing how poorly made these systems are that house what a malicious user actually wants makes me understand how much of society's systems play security theater.