It’s unfortunate that Google (dis)services infest so much of the internet, and especially maddening when websites think they provide some kind of “security.” See Google Shadow Profiles
When I have had to get past captchas, I’ve noticed that it’s gstatic that has to be temporarily enabled… but to get the gstatic script to show, I have to enable another Google script first; google.com, I think.
We can only hope that this stuff will eventually become the subject of a privacy-abuse lawsuit.
You can take action by switching financial institutions and/or becoming unbanked.
Generally, it’s not my banks, credit union, investment institution, or credit card issuers that throw captchas at me.
I highly value access to financial products, by the way, so I don’t plan to get myself “unbanked” any time soon. 
Sure, I understand. I prefer not waiting around until data breaches and/or privacy-abuse lawsuits happen by third-parties at their own convenience. By then, I assume that it is too late to take action.
Change banks? (Unless you’re in Australia, I think they only allow four. But that’s what they told me 40 years ago.)
Then there is my bank that lets me login to my account through the Tor browser. I’m not joking. I did it like 50 times and all functions and services worked just as good as If I used a normal web browser. It is just significantly slower.
My bank doesn’t like the available browsers
My browser doesn’t like the available banks.
There was an old joke from the Tonight Show about 50 years go with Johnny Carsron, I think it was Jonathan Winters who told it. It was a monologue and he steered it to his visit in Switzerland, with a bunch of money trying to establish one of those secret Swiss Bank Accounts. After asking about where one of these banks was, he was directed to an upstairs room at a Tavern where he found this litte old man sitting behind a desk. Asking about an account, he makes the deal and he give the little old man a briefcase full of money and the little old man takes and puts it behind his desk. Before leaving he asks the little old man, “Well don’t I get a secret bank account number?” “Indeed” said the little old man. “Well what is the account number?” The little old man said: “One.”
Angelfish is the only browser I managed to find that allows me to log in to my bank.
Could it be that angelfish doesn’t block stalkers or does angelfish block a certain way different from other browsers?
~s
An interesting point! But that would be illegal according to which Law, in what Country or aggregate of nation-states( like EU) having common legislation?
In fact, I can’t remember ever seeing any law or regulation restricting the use of GA or Gstatic by websites - anywhere they would be hosted in the world…
Always a fair question - and sometimes quite difficult.
However in the context of this topic - your bank - then you and your bank are likely to be in the same legislative regime, so it’s not as difficult as it could be.
I don’t see why a bank would be bothered with a CAPTCHA. Some sites use it to stop automated login attempts but that can be countered by locking the account out, for a while or until there is manual intervention, after a moderate number of failed logins (even though in some cases that might allow a DoS) or at least deferring the use of a CAPTCHA until that number of failed logins. Some sites use it as an anti-scraping mechanism but I wouldn’t think that applies here.
In this case “should” refers to what I think ought to be the case but which is not the case.
It is arguable that any general anti-tracking right could blow Google out of any web site that it has its tentacles in.
Good security practice suggests that important web sites should avoid third party content.
Amen to that. 
This has worked tremendously well for me! (Given the shitty situation where websites actively discriminate by user agent.)
I’ve found Mobile View Switcher to work best, because it lets me enter one user agent string, then allows me to toggle between the correct and the fake one at will.
Toggling between real and fake turned out a useful feature, because faking the user agent occasionally breaks other websites.
Remember though: You’re responsible for your own due diligence when you use web extensions. These are often updated automatically, and can turn rogue at any time. I’m currently learning about Debian packaging because I want to depend less on silent automatic updates.
Ah, very sorry! I misunderstood the use of “should” in the context of your remark - I thought you were referring to some new magical regulation that had suddenly appeared, which I would not be aware of…
Well, too bad,so.
The Evil Giant Octopus always wins then - nothing we can do about that!
I’m guessing it is down to the user agent it sends.