Well, my bank doesn't allow double digits for one. Meaning pins like 0112 or 3699 wouldn't work. I guess it's all a matter of what each bank enforces?
People will just create password using the 4 corners or things like that.
Why not an alphanumerical keyboard and variable length passwords including caps and symbols ? Then even if someone has 123456789 as password you still have to guess how many digits were used. And you have 3 tries to guess it or the account is frozen and the owner of the card has to show in his bank to unfreeze it.
Probably makes just too much sense ... and is probably too much expensive for multi billionaire companies.
Dont blame the users. Blame the security ... or lack of.