Of course it's BUNK
This goes against reports from Verizon, Gemalto, FFIEC, PCI, etc.
Unless this report by NCC Group is only on undeveloped financial sectors.
Also be weary of reports which you can't view unless you become a member. Most security reports are in the open... and this means open to scrutiny and review.
This report is provided more as a phishing scam, behind doors.
As someone who is a pen tester in the banking industry, I can tell you information security has improved greatly over the past 2 years.
Notas... if you think you were talking to an administrator, security analyst, or developer... then you're mistaken. Banks don't waste these employees time by answering questions from the general public. A helpdesk person isn't technical. Their job is to write up tickets for the experts to deal with.
Not to mention, if someone asks me what we are using for a firewall, protocol communication app, etc... do you really think I'd tell them? THINK man.