[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: This sounds familiar
- To: ", Flora" <http://www.state.vt.us/~Flora.>
- Subject: Re: This sounds familiar
- From: robert <http://dummy.us.eu.org/robert>
- Date: Sun, 17 May 2015 07:17:07 -0700
- Cc: Flora E <http://profiles.yahoo.com/Flora>, Flora E <http://www.gmail.com/~flora>, noelle <http://dummy.us.eu.org/noelleg>, "Chris" <http://www.gmail.com/~christopher1>, Chris <http://www.gmail.com/~drchrisbear>, Chris <http://www.picis.com/~Chris>, Chris <http://www.optum.com/~Chris>, Marnie <http://www.gmail.com/~369marnie>, Bhavani <http://www.myself.com/~Bhavani>, Bhavani <http://www.juno.com/~bhavaniowl>, Bhavani <http://www.gmail.com/~bhavaniowl>, Richard <http://www.engineer.com/~w1few>, Richard <http://www.juno.com/~w1few>, "Richard" <http://www.icloud.com/~w1fewa>, Tim <http://profiles.yahoo.com/Tim>
- Keywords: our-San-Jose-phone-number
> From: ", Flora" <http://www.state.vt.us/~Flora.>
> Date: Sun, 17 May 2015 09:26:50 +0000
>
> There is one phone password with my bank. Is your second verification another
> password?
Sorta. It's an answer to security questions that I elected. According to
my password manager, it looks like I have answers for my high school
graduation year, mom's birthday, youngest's sibling's middle name, etc.
They randomly ask one of the questions.
> Three pieces of information must be verified when I call my bank before they
> will continue. One is the phone password. When I gave a false password, they
> sought another way to verify my identification.
I imagine that's probably similar to my bank. I think my bank asks my
name and the last four digits of my SSN and mother's maiden name and then
the security question.
> When I set up my phone password, I told my bank not to continue with the call
> if I didn't know my phone password. I guess that didn't work.
Oh. But, they ask you for the other two pieces of information, right?
> They should use the number on the secure token. Maybe that's it. When the
> caller (should be me) asks for a hint on the password, the representative can
> ask, "what is the number on your secure token?" This may throw off a would be
> thief.
Yeah, if they know that you have a secure token. I mean, they should
assume that if all identity methods fail, that you would just drive to the
bank and show them your mug.
> I'm just thinking of ways that could prevent someone from calling pretending to
> be me and getting through. The person on the other end is human after all and
> not a computer. This has to be thought of.
Absolutely true.
> I just want these financial institutions to have more security measures in
> place to prevent a criminal from getting through on the phone.
Agreed. But, they did refund your money, so, in some sense, it's their
dime if their security measures are inadequate.
> On May 16, 2015, at 11:10 PM, "robert" <http://dummy.us.eu.org/robert> wrote:
> >> From: Flora <http://www.gmail.com/~flora>
> >> Date: Sat, 16 May 2015 23:02:12 -0400
> >>
> >> http://www.pbs.org/wgbh/nova/next/tech/science-of-identity-theft/
> >>
> >> I'm wondering if this is what happened, at least in part.
> >>
> >> Two step verification may be helpful online, but what about when calling? I
> >> do
> >> have a stronger phone password, but tried tricking the person on the other
> >> end
> >> recently. I didn't give my correct phone password to see what they would do.
> >>
> >> They asked for my card number including the ccv. Maybe I should periodically
> >>
> >> report my cards as lost, so I get new numbers. This still doesn't seem like
> >> the
> >> answer. When I initially set up the phone password, I told them to never let
> >> me
> >> through unless I gave the correct password. I guess that didn't work.
> >
> > You need to have a second shared secret. This is what my bank does. I
> > guess your bank doesn't do this. Too bad.