Saturday, July 5, 2008

Bank of America is a bunch of ass clowns

Today it took me about 15 minutes to activate my credit card.

I have a card through Bank of America. It's a card I hardly ever use (because I'm an Amazon.com card guy). But, I keep the card around in case of emergencies.

Unfortunately, they were unable to verify my identity because the phone number from which I was calling was different than the one I had online (I moved five years ago and must have never updated my home phone number).

So, they had to "dive further" to establish my identity. They asked for my last-4 digits of my ssn. Check. They asked for my mother's maiden name. Check. But they were still having difficulties. They had to transfer me to a specialist.

The "specialist" went in for a deep dive. This including giving him my current billing address and then asking for two intersecting streets to my billing address.

So lets look at the pieces of information you used to establish my identity:

+ Last four digits of SSN - just about everyone and their mom knows this number. Everyone asks for this number (and they shouldn't). Only the IRS, my employer, and myself should know this number so that they can report taxes. But because of SSN abuse, this isn't really a safe number any more. My doctor knows this number, PennDot knows this number, my bank knows this number, my credit card companies know this number. Hell, comcast probably knows this number too.

+ Mom's maiden name - 15 minutes of social engineering can easily get this piece of information

+ Billing Address - Hello? If I stole your mail, I probably already know this.

+ Two roads that intersect with my billing address - I can get this information in less than 15 seconds, using Google Maps.

Dear Bank of America:

While I truly appreciate your need to protect your profits and my card from identity theft, I think you guys suck. None of this information really helps to establish my identity and can be easily thwarted by anyone who wasn't an idiot.

Please implement something better in the future.

No comments: