Which bank was that? As someone living in France, I bank with one of the "big banks" and even though I have no idea how their internal networks are laid out, I can't help but shake my head in disbelief whenever they send me an SMS to confirm some operation "for my security". Think adding a new transfer beneficiary, making a "large" bank transfer, or paying online with my credit card. The SMS doesn't even have all the details of the operation. It's something like "are you trying to pay X €?". No word to whom, from where, etc.
This isn't a step up from "nothing", mind. Initially, I used to have some kind of OTP fob for paying online. They then moved to SMS. Then to their app attached to my iphone. Now, back to SMS. I still have the app installed on the same iphone, and I use it regularly.
(Probably, why take risk) Can't tell the bank name (but yeah, in the top 4 by size) and not trying to defend your bank but the SMS validation thing is actually on the state 'fault' and you are in fact legally covered in most cases, I don't have the legal text on hand but by typing in google : https://www.moneyvox.fr/banque/actualites/77237/fraude-sur-c... Look for Code SMS and you have a link to the european reglementation. I assume one of the reason is that in fact in case of phishing wire transfert are heavily monitored and reversible. Without giving technical details, in fact 'a lot of peoples' have actually large right to move sums of money around. The trick is that's it reviewed and reversible for days.
This isn't a step up from "nothing", mind. Initially, I used to have some kind of OTP fob for paying online. They then moved to SMS. Then to their app attached to my iphone. Now, back to SMS. I still have the app installed on the same iphone, and I use it regularly.