Verifying Identity: From One Foolish Way to Another

You may also like...

6 Responses

  1. Great post. You are right, of course.

    I would add another independent problem: if the public records are inaccurate (as is so often the case), you may find yourself giving the “wrong” answer about your own personal details. This happened to me once recently. I had the surreal experience of needing to insist to a skeptical customer service rep on the other end of the phone line that I am indeed me and that I knew my own past home addresses better than she did. Turns out there was a typo, of course.

    Worse still from the point of view of banks and other institutions who adopt this strategy, quality control is essentially impossible. The error must have been made by some faceless data entry clerk at some other entity with whom I interacted in the past, and the bad info gradually migrated its way into my Choicepoint profile or some similar aggregated dossier.

    (cross posted at Info/Law)

  2. Bruce Boyden says:

    What’s the worst that can happen here? You occasionally suffer the inconvenience of going into the bank with your drivers’ license? A phone call that takes 20 minutes instead of 5? Aside from the security issue, the downside to the consumer appears to be occasional inconvenience.

    As for the upside, for one thing, banks et al. are dealing with a “legacy” problem — a mass of customers who opened their account years ago before the banks woke up to the scale of the identity theft problem. It’s WAY cheaper and faster to cull that information from databases rather than calling up each existing customer and playing 20 questions. For another, most consumers probably do not want to answer a series of personal questions each time they open a new account.

  3. William McGeveran says:

    Well, first of all, one personal question with a clear and correct answer might do the trick. That’s better than repeat “20 questions” games, often when you are busy just trying to use your credit card or withdraw some cash.

    I don’t suggest this is sky-is-falling stuff. But it does undermine my confidence in security if protective measures hinge on inaccurate information. And it is not hard to imagine a situation where customers actually are denied access to service — possibly the use of their own credit cards — because the bank (or, as in my case, utility company) mistakenly disbelieves their answers about where their mothers live or whatever.

    Finally, given the enormous attention and investment that customer-facing operations make in monitoring, timing, and improving their telephone and online interactions with customers (for, as we are always told on the phone, “quality assurance purposes”), they mighyt consider a pattern of such problems a pretty big deal business-wise. Customers who get grilled about their personal data when they are just trying to buy stuff are not happy customers.

  4. Antiquated Tory says:

    How very odd. Here in the Czech Republic, where banking has a long way to go in terms of service, I can’t get any information over the phone. I can over the Internet but that’s password and certificate protected. I also cannot use my credit (really debit) card remotely to buy things. I have to have a separate ‘Internet’ card for this; it has a limit of 2 purchases/day which cannot total more than $400. Anything more, I have to physically swipe it.

    I ran into problems with this recently while trying to rehabilitate my US Student Loan. It seems that the US Department of Education does not accept bank transfers, which are the normal (and fast and secure) way of moving funds over borders, and expected me to provide them with lots of credit card details instead. But this wouldn’t do them any good, because Czech credit card security won’t allow such transactions…

  5. dan says:

    It is easy to pick apart a system of verification, but what solution can be provided? The Chase example could discredited further if the account was fraudlently opened to begin with. How do you stop someone from opening an account with someone else’s info? I think using public/private databases is the best method out there. The questions are random, so the fraudster doesnt have time to prepare what could be asked.

    I would be interested to see your solution to the problems.

  6. Jon says:

    I just recently ran into this rash of question asking. My bank asked me an age question about my step-brother’s 3rd ex-wife. I didn’t have a clue. Just a minute ago, I was trying to order a birth certificate online and could tell the questions were targeted at my father and not me. Have you ever owned a home at one of the following addresses…nope, but my father did. You answer “None of the above” and are kicked to the curb and made to do things manually. It’s irritating and annoying because they have BAD data. In the computer world, the term GIGO jumps to mind: Garbage In, Garbage Out. These ID verification folks are putting a lot of Garbage In.