So, today being bill day and all, I decide to fire up teh old intarweb and take care of the Happy Scrappy Financial Obligations lickety-split.
So I sign on to Bank of America’s website.
To log on, I have to give them my account number, password, and state in which I opened my account. So I do so.
They don’t recognize my computer (I’m at my school’s library), so they ask me a verification question. Which I answer.
Then we come to the dreaded Layer Three of Security!!!twenty-five!! The impergnable, unbustable, uncircumventable Level Three of Security!!!twenty-five!!!
They show me a picture I picked with a title I gave it, and ask me to do some loony word-association bit. By looking at the picture, I am supposed to remember the word I associated with that picture, and therefore Bank of America will know it’s really me and then I can Use my money to pay my debt to… Bank of America.
See, Bank of America KNOWS that someone who knows my account number, PIN, state of account opening, mother’s middle name, town of my birth, and town of my hich school might not actually be me. So in order to prove that I am REALLY me, I ought to submit to this dime-store Rorshach treatment.
One problem. I, like many people who have more than two things to think about, don’t have enough room in my happy scrappy brain to remember what word I associated with a stupid fucking picture forty-five fucking days ago. So I click on the “Forgot Your MMPI Answer?” button. Which pops open a box that says “Call 1-800-HOLD-PLS to obtain your InkBlot pass.”
So I call. Now, I don’t see how a security increase is served by forcing a guy to speak aloud all his account information in a public place, but then, I’m just a law student and such things are beyond me. I resolve to ask the operator just how in the blue hell I’m safer, but I don’t get the chance. Call volume is “exceptionally high.” Wait time of five minutes or so. But, according to the voice, if I want to reset my InaneKey, I can follow the instructions on the website.
So I figure, “That shouldn’t be that hard. I’ll reset it, they’ll bounce the new one to my e-mail, and I’ll just get it from there. This will serve the dual purposes of ease (as I am qualified to operate electronic mail) and security (as Bank of America has kindly provided an extra layer of passwordism and the evil phishers may not know the linked account).” Simple enough. So I click to reset.
Holy crap! Another layer of security!
In order to reset my passkey, I must provide them with… account number… PIN… state of account opening. The same fucking three bits of info I had to give them to login in the very first place. So, feeling no small sense of deja vu, I do so. I hit “enter.” I wait for the window that says, “Your reset passkey will be mailed to your linked account.”
right to my fucking bank screen.
Let me get this straight, you morons. I give you three pieces of information.
That’s not enough for you. You need to verify that it’s me.
You ask me an inane question.
I don’t know the answer.
You say I can get around the inane question… by giving you the exact same three pieces of information you asked for in the first place.
I dunno about you guys, but this seems more than a little… oh, REALLY FUCKING STUPID.
Can anyone explain what I’m missing here?