Only banks seem to take security
Banks? I beg to differ, in the extreme... many banks are IMAO absolutely clueless when it comes to security.
They often accept 'postcode and date of birth' as 'proof of identity' for customers calling by phone.
That is despite the fact that DOB is trivially easy to find out for a great many people. And when banks call the customer, customers are expected to provide answers to security questions, even though the call could be fishing. Calling line ID means nothing, it is as easy to spoof a calling line ID on a phone call is it is to spoof a 'from' address in email.
Their liability for fraud is often non existent when the bank thinks you have disclosed passwords or PINs, or even just wrote them down. They then create password requirements that are so horrendously complicated that most people must write it down to have any chance of remembering it.
They are generally in complete denial about the actual possibility of transaction errors caused by hardware or software bugs (or hacks), despite the fact we all know that all software has bugs, all servers will eventually be hacked if somebody tries hard enough, and that all cash machines will once in a while miscount some bank notes.