During that "career in banking" Oligonicella must have been too close to the forest to see the trees. Either that or his verbage is careful sophistry...
Of course banks "implement security" for the right definition of "security", that was never the issue. The issue is how much security. Banks at best are just like any business -- they determine the minimum to get by, maybe add a little for show, and that is all they implement.
Banks do the normal cost vs. benefit analysis on their security. They implement the minimum security to balance the equation. If they implemented all possible security they could not afford to operate (cost and convenience) so they always implement less than the maximum security.
Before any further denial, or any more vapid claims of bank security, to have any credibility you have to excuse/explain existing bank security flaws. The first that come to mind include why have U.S. banks not yet switched to chip and pin or at least some similar or better level of proof that the user of the credit card is authorized? And why do they not require an auth token (e.g. secureID or other hardware/software equivalent) for online access?