Bank of America's Absurd Telephone Security

So I called Bank of America to send a new credit card to me (the chip was screwed up, which has now happened to three of my cards).  The automated system asked me for the card number and zip code (the latter being a good idea since it is information not on the card itself).  The automated system then gave me some information, trying to head off standard phone requests I suppose.  It told me my current balance, my total credit limit, and my available credit.

I then jammed "0" and said "agent" over and over until I could get a real person.  Once I got a real person, they asked me my name, and then said they had to ask me a security question.  So they asked me ... what is the credit limit on my card.  LOL, their system just told me the number.  Had it not, I probably would not have even known the number.  I asked her how in the world this could possibly be a reasonable security question when their system just told me the answer.  I got a sort of "I just work here" answer and gave up and got my new card.

20 Comments

  1. esoxlucius:

    So they asked they asked the card number and zipcode. Both of the pieces of information a thief would have if they stole your mail in transit. Very unsafe. It amazes me that banks still have not figured out how to prove you are you after all these years.

  2. kidmugsy:

    They've not even worked out how to prove who they are.

    Telephone voice: Good morning, this is the blah-blah bank.

    Me: How do I know that?

    Her: I see what you mean.

  3. Peabody:

    Proving your identity in a safe, yet convenient way is a very difficult problem.

  4. Jens Fiederer:

    You get to report on a shrug and a shrub in the same day! How often does THAT happen?

  5. Jens Fiederer:

    If you called THEM, that is kind of an indicator.
    If they called you, they usually suggest you call the number on your card (or their website, which is generally approved by a certificate vendor).

  6. paul:

    My bank does two things better than this (Wells Fargo, so nothing special). Provided you want your new credit card mailed to the address of record, you don't need to speak to anyone. If they do require me to prove who I am, they text me and then ask me to repeat them the code (what in the security trade is called two-factor authentication, although in this case there isn't really a first factor since almost anyone could know your credit card and zipcode). Zipcode is, as you say, good for casual security like gas pumps, where the most you could steal would be $100 ($50 with my Mini), but not nearly good enough if you want to add your name to my credit card (as happened to me a year ago).

  7. Not Sure:

    Bank of America's Absurd...

    Could have stopped right there and you'd have covered it.

  8. marque2:

    zip code is pretty easy to get if your last name is not Smith. The crook would just look up my name on the Internet, and there they would see the country record for the home I own pop to the top - they get the address, and then USPS provides the zip. Of course if they do it a lot, they probably have a subscription to whitepages.com and would have a much easier time of it.

  9. John O.:

    I refuse to do any business with Bank of America and its been doing me well for the last 20 years.

  10. Baelzar:

    This era is going to be known as the Golden Age of Theft.

    The amount of information people post on social media alone ("here's our new baby boy, born today, John Francis Smith, at this hospital, here's a picture!") including where they are at that moment ("not at home, come on in thieves!") the interior of their houses, the expensive items they own....it's incredible.

    People just vomit their private info onto Public posts....searchable posts....shareable posts....twitter....birthdays...pictures....locations....jobs and where they work...it's like Candyland out there.