Log in

No account? Create an account
Previous Entry Share Next Entry

You shouldn't need a password to give me money

When I opened my bank account (years ago) the customer service representative asked me, "Is there anyone else that should be allowed to deposit money into this account?"

I looked her straight in the eye and said, "Yes. Anyone. Anyone at all. If someone comes into you bank and wants to depost money in my account, please sit them down, offer them a cup of coffee, you name it. Just make sure they deposit it all."

This was 15 years before the nigerian scammers started. Now someone trying to deposit is usually doing it as a prelude to stealing.

However, I have noticed that as I call customer service lines I am asked for my mother's maiden name and other "security questions" for things that absolutely don't require it. Recently I called a bank and asked a question about my account. I was then asked, "Do you give me permission to look at your file so I can answer your question?" What was I to say? "NO, I only want to bank at a company that employees people with ESP. Yes, damn it, I want you to f-ing open my damn record. Duh!"

I didn't say that. I was temped to ask, "If I say 'no', aren't I an idiot?" or "Is there any other way for me to get the information I asked for?"

But of course I just said, "Yes, please" and continued with the phone call. I had just waited 5 minutes on hold to speak with a human. I didn't need to start a debate about illogical security theater.

  • 1
I don't think you're old enough to have opened a bank account 15 years before the Nigerian scammers started.

He probably means "before the Nigerian spammers started" :) That is, before they started using email to snag random people.

I have an actual password on my account (following having my wallet stolen years ago), one that isn't used anywhere else and is known only to me. Still I often have to go through all the other easily found stuff (mother's maiden name, etc.) before they even get to that. Random.

As a customer service manager I can assure you the CSR finds that question at least as idiotic as you do and is only asking because someone one somewhere.. probably in their legal dept mandates they have to ask the idiotic question.

As far as various financial institutions are concerned, my mother's maiden name is a variety of things along the lines of "you-don't-need-to-know-this"

Apparently, saying "yes" gives them permission to look at your _entire_ account details, not just the portion relevant to your question, and also gives them the permission to try and upsell/cross-sell you services based on what they "learn" from your account information.

I suspect this has become necessary and relevant since companies have completely outsourced their call center operations to third parties who virtually pay for the privilege in exchange for earning revenue by upselling/cross-selling services. The idea behind this is it's win-win for the two companies: one gets cheaper call center services and the other has warm lead generation with inbound opt-in ("yes, I give you permission") telemarketing.

Having managed in a financial call center, I've always suspected that the whole providing a password or verifying some sort of information in order to get information is more about making customer feel that institution is protecting their financial information and less about any concrete form of security.

A significant chunk of CSR procedures are predicated on making the customer feel a certain way about the interaction and institution (safe, secure, well served, etc) as opposed to anything meaningful on the organizational side of the equation.

And FWIW, CSRs usually hate having to ask those questions as well.

(Deleted comment)
Oh, I usually just ask "is there any way to answer the questions without looking at my bank account?" They think they've got a moron on the line and say, "no, ma'am, not really." So I say "OK, then, I give you permission, since I called to have my question answered and this is the only way to get that done."

Remember, calls may be monitored for quality assurance.

  • 1