Bank authentication


I just submitted this to RISKS. It’s neato and it makes me happy so
you get to read it here first:

I figure a bit of good news on RISKS can’t hurt:

Recently while trying to automate downloads of my account balances I
managed to trip the “too many failed logins” feature on the website
of my bank, TDCanadaTrust. This necessitated a phone call to get things
reset.

The phone person I spoke to asked if he could ask me some questions to
identify me, and then proceeded to ask: my previous address, the
accounts and products I have and at which branches, the last transaction
I made on one account, what automated deposits I have and roughly how
much, what automated withdrawals I have and roughly how much, and how
often one of them happens, where I work, how long I’ve been there,
and what my position is there.

The great part about it is that he was obviously looking for things that
I could answer easily (by choosing an account that had activity today
for the “recent transaction” question) and accepting answers that were
precise enough without getting silly (“savings account” rather than the
product name, and “either at this branch, or I might have moved it to
that other branch”, and so on).

It’s good to know that there are some little pockets of clue out there.

So often these days I expect behavior more like Bell Canada’s
that this sort of thing pleased me immensely.


2 responses to “Bank authentication”

  1. Yeah, Royal Bank has that, too. They have a word that you choose for a phone password — they suggest using your favourite thing to do or eat. If that fails, they resort to the transaction questions and stuff. It’s pretty great. Thank heavens that when I needed to use mine, I had just ordered pizza the night before, and still had the receipt. =)

  2. Yesterday I had to replace my Bank of Montreal bank card, in person. I neglected to bring photo ID and got a similar twenty-questions routine.

    While I was pleased they were trying to serve the customer, I would have preferred that they just tell to go get photo ID. I think I could have faked my way through their routine just on the information in my wallet, and maybe if I’d found an ATM receipt with current balance.

    But then some other bank employee noted I did have a copy of a photo ID on file anyway, so they went by that.