> You can give someone a job and also ask them to do it a certain way.

And they can say “no”. Which is pretty much what the banks do.

Obviously I'm talking about potential regulation, not individuals walking up to the bank and asking them nicely.

That’s a different kettle of fish, and to that I say, good luck.

Regulators are one of the entities pushing for these types of limitations. It’s a natural consequence of doing a risk assessment, very hard to justify not applying these limits when explaining to a regulator how you keep your customer funds safe. I’m speaking from experience here having worked with a team that attempted exactly that, but ultimately ended up adding jailbreak/rooting detection anyway.

It's unreasonable to ask them to do a job, and then tie both their hands behind their back and tell them they have to accept being punched in the stomach and that they should be happy about this.

If you want to tax banks and pay the money directly to fraudsters, I guess that's a model you can aim for.