It is the banks fault if they allow non-reversible, weird or large transactions without a secondary authorization capability.

The bank’s bad processes are not an end device fault.