Comment by antman

Especially if the burden of proof of fraud falls mostly on the consumer. This is how it works, we don't know the actual ratio of fraudulent vs ok cases so we compare accross institutions. If one institution is an outlier than arbitrarily changes the acceptance threshold pushing the cost to the grieving consumer.

If on the other hand the cost of misidentifying a case fell on the institution then they would simply accept only personally identified payments e.g. sms or other 2fa at virtually no cost for them and effectively zeroing fraud

In some places with more modern banking, this is pretty common