June 26th, 2004

pinkie pie

Bank authentication

I just submitted this to RISKS. It's neato and it makes me happy so you get to read it here first:
I figure a bit of good news on RISKS can't hurt:

Recently while trying to automate downloads of my account balances I managed to trip the "too many failed logins" feature on the website of my bank, TDCanadaTrust. This necessitated a phone call to get things reset.

The phone person I spoke to asked if he could ask me some questions to identify me, and then proceeded to ask: my previous address, the accounts and products I have and at which branches, the last transaction I made on one account, what automated deposits I have and roughly how much, what automated withdrawals I have and roughly how much, and how often one of them happens, where I work, how long I've been there, and what my position is there.

The great part about it is that he was obviously looking for things that I could answer easily (by choosing an account that had activity today for the "recent transaction" question) and accepting answers that were precise enough without getting silly ("savings account" rather than the product name, and "either at this branch, or I might have moved it to that other branch", and so on).

It's good to know that there are some little pockets of clue out there.

So often these days I expect behavior more like Bell Canada's that this sort of thing pleased me immensely.
  • Current Music
    The White Stripes -- Elephant