It's like security through obscurity: on its own it's inadequate, but as an extra layer it can be helpful.

How is this helpful? We have proved it's inconsistent... Do you check IP addresses for security too?

I can imagine a bank fraud detection system being more suspicious of unusually large transactions if they originate from an unusual phone number or ip address, yes.