The point is lowering liability. By choosing to not use voice authentication (or whatever), it becomes easier to argue that fraud is your fault. Or if you did use it, the company 'is doing everything they can' and 'exceeding industry standards' so it isn't their fault, either. It also just makes them seem more secure to the uninitiated (the security-theater bit, yes).

Maybe one day someone will successfully argue that adding easily defeated checks lowers security, by adding friction for no reason or instilling false confidence in users at both ends.


