When it comes to our money, we don’t mind our banks being extra vigilant about security. If you lose your credit card or have it stolen, it is common practice for your bank to ask you a few personal questions to prove your identity. Typically, a bank will ask for your mother’s maiden name, the last four digits of your social security number, your phone number, and your home address, among various other possible options. For the most part, this process has become standard practice for banks and credit card companies in order to prevent fraud.
So, when computer security expert Roger Thompson, of cybersecurity firm AVG, had his credit card declined at a London hotel recently, he had no problem calling up his bank and answering a few questions. At least, he had no problem at first. As he details in a blog post for AVG, Thompson answered the standard security questions (social security, mother’s maiden name, etc) correctly. At this point, however, rather than un-suspending the card, the bank associate Thompson was talking with asked him one more question. And that’s where things got weird.
From Thompson’s blog post:
The guy says, “And now, sir, just a couple more questions, please. This is from publically available information. What age-range would best describe this person?”, and he proceeded to ask me about my daughter-in-law…. Using her maiden name, and she’s been married for nine years!!!!!
Now I answered the question correctly, and they un-suspended the card. I paid the bill, and headed for the airport.
I had one question thundering through my mind.
How did the bank associate me with her??????????????????????
Thompson goes on to outline how he and his daughter-in-law share no connections on any publicly available information besides Facebook.
I refuse to believe it was “publically available information”.
We have no connection on any bank accounts, or legal documents.
She hasn’t used her maiden name for nine years. I’d have been less suspicious if they’d asked me about her married name.
She’s not a big computer user.
The only place we connect as far as I’m aware is that she’s a friend on Facebook!!!!!!!!!!
Now, I’m not accusing Facebook of anything, but one wonders…. I can’t believe Facebook would sell our data, so … is someone “harvesting” it?
Through his work with AVG, Thompson is privy to major social networking security threats on a daily basis. In his attempts to rationalize how the bank may have gotten their information about his daughter-in-law, Thompson notes that many Facebook applications are hacked everyday. Given that most Facebook applications require the user to allow third-party access to their private information, it doesn’t take much effort to imagine a huge database of information somewhere out there just waiting to be sold, stolen, or otherwise manipulated.
While Roger’s situation provides a unique counterexample of what happens where our private information is exposed (the bank actually used the information to help make his account more secure), it is still very unsettling that something he clearly believed to be private information was called “public” and freely used by others. If his bank is using that kind of personalized information, who else might be?
0 comments ↓
There are no comments yet...Kick things off by filling out the form below.
Leave a Comment