Security? Whatever!

Do you ever get the feeling that a lot of the "security features" around us are nothing more than a charade created to convince us that we're safer than we really are? I mean, seriously, take a look at your average TSA screener. But this post isn't about those people. Don't get me started on "security" at the airport. Just take down the gates and let us open-carry on planes and there will never be another hijacking in the United States. Think about it. (explosive decompression is a myth anyway.)

Today, I called my bank to reset my web access password and get them to unlock my web log-in. I gave them my account number, my name, my phone number, my birth date, my address, my mother's maiden name, and my social security number. That got me access to the username I had forgotten.

Now, to actually reset the account so that I can log in-- to reset the password to "abc123" so that I can log in once and change the password to something I know, I have to provide one final bit of information.

Yes, there is *one* more thing I have to know to get the person on the line to 'do the deed.' So this must be something SUPER-SECRET, right?? I mean, so far I've given them everything but a blood sample to prove my identity, but there is ONE MORE CRITICAL PIECE of information they must have to COMPLETELY VERIFY MY IDENTITY.

"What was the amount of your last deposit?"

Now, on it's face, this seems like a fine question to ask me, because after all, it is something about my account that I should know. But in reality, who has access to the correct answer to the question "What was the amount of your last deposit?"

You might think that the account holder and the person at the bank who processed it are two people who would have access to that information, but you're actually not being specific enough. The correct answer to the question "who would know this information?" is "the person at the bank that processed the deposit and THE PERSON THAT MADE THE DEPOSIT."

"But wait," you say, "I'm the account holder. I made the deposit, stupid!"

Grasshopper; a deposit (thank the banking gods) is an unauthenticated transaction. Any Joe walking into any branch of your bank with your account number (or your social security number) can make a deposit into your account, and at that point, that person knows the all-important amount of the last deposit into your account. They don't even have to walk in. There are drive up windows and night drops.

Don't get me wrong- if some stranger off the street walks in with my account number and wants to deposit money into my account, I DO NOT want the bank harassing them in any way, shape, or form--- I mean, FREE MONEY!--- But at the same time, the amount of the last deposit is not secured information! Your name, address, phone number, and account number aren't really even secure information, they all typically exist on every check you've ever written. Even if they aren't on your checks already, no one will accept a check unless you write all that down (along with your driver's license number) on the check.

So have you seen Idiocracy? I suggest you watch it.