Alternative: Banks are incentivized to better authenticate people, rather than relying on faulty KBA and public IDs like SSNs—information that is often leaked and can be phished.
That being said, none of the compromises described in the comment chain thus far required action on the part of the consumer; they all involved compromises of third-party companies. Like T-Mobile.
Imagine a world where banks have to pay you for identity theft protection so that you're more "diligent" about not going to phishing websites.