Bank authentication

I just submitted this to RISKS. It’s neato and it makes me happy so
you get to read it here first:

I figure a bit of good news on RISKS can’t hurt:

Recently while trying to automate downloads of my account balances I
managed to trip the “too many failed logins” feature on the website
of my bank, TDCanadaTrust. This necessitated a phone call to get things

The phone person I spoke to asked if he could ask me some questions to
identify me, and then proceeded to ask: my previous address, the
accounts and products I have and at which branches, the last transaction
I made on one account, what automated deposits I have and roughly how
much, what automated withdrawals I have and roughly how much, and how
often one of them happens, where I work, how long I’ve been there,
and what my position is there.

The great part about it is that he was obviously looking for things that
I could answer easily (by choosing an account that had activity today
for the “recent transaction” question) and accepting answers that were
precise enough without getting silly (“savings account” rather than the
product name, and “either at this branch, or I might have moved it to
that other branch”, and so on).

It’s good to know that there are some little pockets of clue out there.

So often these days I expect behavior more like Bell Canada’s
that this sort of thing pleased me immensely.

Comments 2