Sam Brown

Online and Telephone Banking Security Gone Crazy

When I recently created a new account with the bank I have been with since I had my Super Squirrel Saver Account 18 years ago I had to go through the laborious task of answering some “Security Questions” for telephone banking that I would later use to identify myself should I use this service, which in all honesty, I don’t. Now, let’s be fair, these supposed secure questions and answers are completely bullshit:

  • Please name your first primary school?
  • What is your mothers first name?
  • Where were you born?
  • etc.

Anyone with half a brain or even a friendship with me on Facebook could find out most of this information – what’s more worrisome is that these are the same types of questions that I have to answer to log on to my Internet Banking including – “What is your fathers first name?” – with me being Sam Brown III (the third) that’s probably the least secure thing they could have asked.

I must admit that because I rarely if ever use telephone banking I actually wrote the answers down, just in case. This week I had the unfortunate need to phone my bank to activate something and had all my necessary security answers in front of me ready to give only to be thrown a curveball by the girl on the end of the phone:

  • Do you have any regular credits coming into this account and from whom?
  • What was the last transaction on this account?
  • Do you have an overdraft on this account?

The first answer is no, my credits are from different clients and not at regular intervals (not a monthly salary for example), the last transaction I had absolutely no idea – I could remember taking money out the ATM but that turned out not to be the last thing on the account and I somehow managed to incorrectly guess that I didn’t have an overdraft when I in fact do – I’ve never needed to use it and thus had no idea it even existed. Their response was blunt:

“Unfortunately you have incorrectly answered these security questions and I have blocked access to your account, you will now need to go to your local branch with three forms of ID to reset telephone banking. Have a nice day.”

A bit of an inconvenience to say the least but I did as requested only to be asked by the teller to reset the very same security questions I originally answered when creating the account. I just arrived at square one.

The biggest issue here is not just that these questions are ridiculously insecure but instead of even asking me those – they ask me about recent credits and transactions on my account, which is like aiming at a moving set of goal posts. Without actually having that information in front of me I’m essentially just playing a guessing game – much like one could do to answer their secure questions.

Post a link to this on Twitter ↩


There currently aren't any comments on this post, leave the first?

Commenting has closed for this article. Feel free to me.

Sam Brown co-founded Iterate, and was previously VP of Design at Foursquare. Based in NYC.