I can't stand corpware, and so apps and modern websites are of little use today. But I gave a past bank a chance, they had a mobile number and would use it with their standard security procedures and policies. Uh-toh. So the bank knew everything about me, because they had my money too (hang on, that sounds like a really crap deal). What I did for the phone number is bought a PAYG SIM (with some credit) and put it in the 2nd slot in my simple phone. I never gave anyone but the bank that phone number. The bank also did not have my normal phone number. I did not register the new PAYG SIM, meaning that if a scammer has all my data and can nearly get into the bank, they cannot use the same data to get into the mobile phone customer services, even if find the private bank-only phone number. I set a password with the mobile phone customer services though, but when I did call once they didn't ask for it, and did credit top-up checks and the other things they ask for unregistered PAYG. Still questions a scammer couldn't answer, but that isn't the point. If "Hi, I'm from your bank" ever phoned, or text me, on the wrong SIM, I would know it was a scammer. My actual bank was not allowed to use the phone number they had for anything, other than security stuff. A SIM per financial service is preposterous though, but that is the service economy: get the customers to do work for the company, and maybe more importantly, take on risk. Some kind of virtual SIMs might be plausible, but the unregistered PAYG is actually an important detail to the security I tried to add to online banking and bank services. Oh yeah, and if you call anywhere, always withhold your phone number. Orgs love hoovering data to auto-populate their user databases.