Do you really think the banks give a shit if hackers take 3bn a year? NO they bloody dont, but they do care they have to replace it.
When i was new and first used the internet i asked the immortal question - how to protect myself online, and was quickly told - by not connecting to it.
when i was studying in the 80's it was common practice to have 1 machine with internet access - back then it was modem attached, and everything else could not even take a disk from that machine the entire network did not connect to that one machine, nothing passed to or from it.
A group of extremely fast typists took data from it, and manually fed it into the network servers, and vice versa.
Four of them could handle 3m transactions a week. which was as much data as the hayes could send / recieve.
They were later replaced by boxes, specially built that took raw data, and converted it, electronic switches that could not be exploited without physically changing the layout of the board, and reprogramming by moving electronics. It did not process anything it simply took a stream of data of one source, and outputted it formatted to the other source, and as it was encrypted the servers would not run it.
Thats how it used to be done, either manually or with very basic electronics, today with all the speed/ extras that does not work, but it can and should be re-introduced to banking, there is no reason why the atm system for banks should be anywhere near the internet, and the call back etc technology scrapped. The machines should be electronically tagged to only call 1 number, if the number changes rebuild the board.
Then pin theives couldnt go online and hack into weak links because there would be no connection, and they couldnt dial into a weak point as the machines dont have modems,