Marc has a problem with Bank of America’s security. He called the bank and, using alarmingly little information, was able to get access to his wife’s account. He’s worried a thief would have been able to do the same.
Here’s his summary of the chat with the BofA agent:
BOA Agent: To begin with may I have your name as it appears on the statement along with the zip code?
I gave them the name and zip code.
BOA Agent: Do you recall your verbal verifier? This is a password that you have setup to identify you when you contact us.
I said I had forgotten it.
BOA Agent: Could you please confirm your driver’s license number?
I gave it. Drivers license numbers are part of the public record
BOA Agent: Could you please confirm the amount and location of the last posted ATM transaction made at a Bank of America ATM machine?
I give the location of the atm and an approximate amount. This would be the hardest to spoof but once you know where someone lives (public record) you can easily find the closes ATM to their home. If I had said I don’t know I’m pretty sure they would just ask something else or accept just the location
BOA Agent: Could you please confirm your complete address and date of birth?
I gave them. Both are public record.
At this point the agent thinks he is talking to my wife for sure and proceeds to send me an unlock code to a new email address because I told him that my old address that they have on file is no longer one I use or have access to. This should have been a MASSIVE red flag but it has no effect and they actually enter a new address I provide them with to my account and then send me access info.
Understand that BoA is not the only bank to have such weak security. It is up to you to find a bank with better practices.
Does your bank offer more security than Bank of America did for Marc’s wife? What role does security play in your choice of where to bank?