Bank Of America Quizzes Me About Sister's Real Estate Holdings For Account Verification

Seth tells Consumerist that when he tried to open an additional savings account with Bank of America, recently, the überbank put up some privacy roadblocks that he found intrusive and problematic. He’s already a customer, but the bank insisted on verifying his identity when he applied for a new savings account online. One of the questions was about his sister’s financial transactions, not his, which made him uncomfortable.

I just had a somewhat surreal experience, and I’m trying to gauge if my reaction was over-the-top or not:

Last week I applied for a BofA savings account online, jointly with my fiancé. I got an email over the weekend from BofA, saying that they needed to confirm some information in my application:

Thank you for applying online for a Bank of America checking, savings, and/or Certificate of Deposit (CD) account.

We have received your online application and simply need you to call us, within 10 days, so that we can verify information received in your online application. This verification is critical to timely processing of your application. If you are unable to contact us within 10 days, you will need to reapply. If you have already contacted the bank on this subject, please disregard.

Please contact Bank of America at 1.888.383.7500 between the hours of 8:00 a.m. and 9:00 p.m. Pacific Time Monday through Friday or between the hours of 8:00 a.m. and 5:00 p.m. Pacific Time on Saturdays and Sundays, to open your account now.

Your confirmation number is XXXXXXXXX

Thank you for giving us the opportunity to serve you and welcome to the Bank of America family.

This seemed relatively reasonable (online application, new account, security, yada yada), so I called them back this morning. And the CSR, Sarah, told me that what I they really needed to confirm was some information that they had gleaned from public records searches. My antennae went up, but we proceeded.

The first question was about which of three people that I had never heard of — which one did I know? The second question asked me in which of three possible cities did my sister own property? My married sister. Who doesn’t share my name. Who was not listed on this application. Or any other application to BofA.

To put this in perspective: I had filled out the online application by following a link from my existing BofA account management page, and much of the application (which I verified before submitting), was pre-filled by from their existing records on me — since I already have four BofA accounts.

I told [redacted], the CSR, that this was an invasive and offensive series of questions and that I wasn’t going to violate my sister’s privacy to get a savings account. I didn’t explore the issue that I already have four accounts with BofA, so if an application filed through their system while logged in as myself is sufficiently suspicious to warrant this questioning… what does this say about their confidence in their own online security?

I vaguely remember being ticked off about this same line of questioning last year when I opened my first BofA account, but discounted it as a new application that they actually had to do due diligence on. This time, I’m not so willing to discount the inquisition: they darn well know who I am, or should.

Should I have acceded to their questioning? Does a quiz based on a public records search improve my security (or theirs)? Is it unreasonable for me to expect them to “know” me online? Should I have been willing to answer questions about my sister based on public records searches to get a savings account?

Selling my sister out for the $36 initial deposit seemed crass.

The information for the pop quiz is pulled from a variety of records, including credit reports. Thanks to the magic of modern data mining, databases link people who are likely relatives–and sometimes, just random people who happen to have the same last name. While it’s unlikely that Seth’s sister’s privacy would be compromised if he answered the question, the real question is: can companies reasonably expect us to know this much about people who may or may not be relatives? Siblings can always fall out of contact, or just not feel the need to keep each other up-to-date on their real estate holdings.

Have you ever been forced to answer similar questions in a security pop quiz? How did you deal with them?