Banks in EU are solving a different problem, they want to ensure only account holder can get through the auth process, and if attacker makes it through, liability is on the account holder, not the bank. Frictionless means more transactions to offset loss from fraud borne by bank.

Still doesn't reflect the fact that these FaceID and future facial recognition is something you have (a very specific enrolled phone) and something you are (FaceID). They need to update their advice to match reality.

Doesn’t matter how secure it is. Contractually, the EU banks can hold their 2FA vendors accountable, and pass on the costs to their customers. EU banks can’t do the same with Apple.