That highly depends on your country (and I don’t know if there is really no way for you or you just don’t know the one alternative you have). With smartphone only I would not be able to do any kind of online banking, because I do not own a smartphone. I told it my bank and they said “you can buy a TAN generator”, which cost me 25€ one time. From friends I knew they payed half the price, because they had no camera in it to capture QR code (which I would have preferred, but was not an older device 
). Anyway, the good thing is, it is not only more private, but also more secure and gives freedom to use any device to make online-banking (usually phone is a not possible without compromising 2FA).
Reporting costs nothing to you. At least you can try. At this specific case it is maybe a good thing to read GDPR related parts of why the bank may can use such data and why they should also give alternative methods for data minimalism. It is maybe a good idea to speak with data protection NGOs in first place to get some hints.
Companies have a valid interest to use some data, but I think in this case it goes beyond that. I’m no lawyer, so I could be wrong, but that is how I would rate it for now (NGOs can give better answers).
I’m pretty sure the “short time” will be countered by AI reading the screen for those words etc. Really, both sides will use stronger weapons over time. I saw it so often on other “battlefields”. It just becomes worse for normal people (including us).