BankDirect takes the security of our client’s accounts and financial information very seriously. As part of our continuous efforts to deter online fraud and theft, we are making a change to our single-use Secure Access Codes (temporary codes you use when you log in to your account from an unrecognized computer or mobile device).
Due to the rise in identity theft and fraudulent transactions attempted by email, effective July 20, 2018, BankDirect will no longer send Secure Access Codes by email. Secure Access Codes will still be delivered through your phone via voice call or text, so it is important that we have up to date contact information.
They aren't doing that for security purposes because SMS is much easier to hack than email. They're doing it because it reduces customer complaints and support costs. It's cheaper for them for a few accounts to be hacked than deal with true security.