Then literally every US business and government is not trying to be secure. I cannot name a single organization that does not have the option of or requires SMS 2FA.
I think the government and large businesses like it that way, as it makes the mobile network providers as a sort of credit check (or “are you worth dealing with”) mechanism.
Now that is more of a problem than a bank. Which is why someone beeds to integrate OTP tokens into ID cards, closing the issue.