I called my bank a month ago to check my balance. My bank is Chase. I was on the move, so I didn’t have some of my information in front of me. Who memorizes their bank account number? Or credit/debit card number for that matter? I had recently moved, and I didn’t even have my new address memorized yet either. I had my name, my birth date, my social security number, what else do you need? I didn’t have what they wanted, exactly, so I had to go through their phone security check. You wouldn’t believe the hoops you have to jump through to get access to your own account.
I understand that security is important, don’t get me wrong. But I thought it a bit excessive the ordeal I had to endure. Lets see, I spent the first ten minutes answering a dozen questions from last known mailing address to phone numbers – the normal information you may expect the bank to ask you, the information they have on record because you gave it to them. Then they asked questions completely OFF THE WALL.
I was told I had to correctly answer at least 1 of 3 personal questions. They were multiple choice, even, three possible answers a piece. If I got them wrong I wouldn’t gain access to my account. I got the first two wrong. The first one… they asked me “who is [insert name]?”. They gave me some random name (same family name actually), one that I had never heard before. I figured it was a celebrity or something – the answers were all unfamiliar to me, too, both from pop culture and my personal life. But I had to pick the correct multiple choice answer explaining who this person was (to me) in order to gain access to my account. What the freck?!?! I don’t know who this person is, why should I? I even said that to the teller.
The second question, I forget, was equally ridiculous. None of the answers I recognized – the question I didn’t even recognize. After each question, the teller sounded irritated that I didn’t know the answers. Like I’m supposed to or something. She warned me, “you need to get the third one right.”
I interrupted the teller on the phone. “Where the hell are you getting these questions?” I said. Apparently, these questions are randomly drawn from a pool of information that Chase collects on people.
The third question was “Which address are you most familiar with?”. The first of the multiple choice answers was… some address in Idaho (Ive never been to Idaho and know no one living there). The second of the multiple choice answers she recited was the address of the house I grew up in as a kid. I was rather surprised. That was obviously the right answer.
I asked the teller, “Where did the bank get this information? I never disclosed this address or any of the other answers to any of the other questions you could have asked me”. The teller said, “Its a matter of public record.”
First of all, I felt rather threatened that anyone, bank or otherwise, had access to information such as this. I think its sleazy and corrupted. What company holding any ethics whatsoever would go behind my back and collect all these facts from my distant past… without asking me explicitly? They could have asked the questions and gotten the answers – in person even – or they could have asked for my permission in collecting the information to ensure security later.
Secondly, if these security questions are a matter of public record, then any Joe has access to the answers. How then do they make good security questions? Anyone can access public records, and thus anyone can gain access into my accounts if that is their intention.
Chase is basing their security questions on publicly accessibly information, without even conferring (or verifying the accuracy of the answers) with the account holder whom its intended to protect! Can you say “retarded”?
Thirdly, two of the three security questions I was asked I didn’t even know the answers to. How is that? Either they screwed up and pooled their security questions from someone elses history, or they are mixing me up with someone else in this country by the same name. I cant think of any other explanation. What if that third question I also got wrong because it was some random or trivial tidbit too obscure even for me to have known?
Accuracy was obviously a problem for them, so gaining access to your account could very well be a matter of giving the wrong answer to the wrong question. There were only three questions and each had three multiple choice answers – which I compute to be a greater than 70% chance that some scam artist could guess their way into your account anyway without ever looking at public record.
Likewise, if you are the rightful account holder, there is a 30% chance that you would guess wrong and be barred from your own account on account of the fact that these questions were too obscure even for you to know.
I think its absurd. I think its threatening, unprofessional, a security vulnerability deliberately built into the system; I think its excessive, a violation of my privacy, and just plain highly unethical. I think its redundant, an ineffectual waste of my time designed only to give me an added feel good feeling about my bank – which should actually have the opposite affect. If they needed so many security questions answered they could have set that up with me when I opened the account. How many could they need?
The next time I call Chase I will deliberately attempt to recreate the scenario, I will record the call, and I will blot out confidential information and post the conversation on a podcast or something. I am disturbed, and I seriously think Chase needs to get their asses straightened out.
Corruption. All this time some corporation has been pooling information from every facet of my life from childhood to adulthood and putting it into a tidy database. If you’re a conspiracy theorist you might expect that from the government, but not some business and surely they wouldn’t disclose the fact either. But its scary anyway.