I presume the argument some middle management type makes is that exposing their security protocols makes it trivial for a fraudster to work around. Obviously this is a fallacy because any genuine fraudsters has the incentive to work this all out by trial and error, if the information isn't freely available to them on some dark corner of the internet.
Trial and error takes time. Potentially a great deal of time. A motivated fraudster will likely get caught and stopped several times along the way if they're attacking a particular bank.
It's worth bearing in mind that most financially motivated criminals are after easy marks. If you're too hard or expensive to hit, they'll find another target. If you're seeing like a bank, that's a victory and the protocols are doing their job by reducing fraud.
