Lately, it seems all of my credit cards are adding “New Levels of Protection!” mainly by putting in security questions. That would be fine if I could actually answer any of the questions.
Examples of questions from Citi:
"What’s the highest mountain you’ve been to the top of?"
How the hell do I know? I’m not a mountain climber, so it’s not that I’ve ever climbed a mountain deliberately. There’s a big chunk of limestone in a nearby city that’s called a mountain. Is it a mountain? Would I remember it tomorrow if I claimed today that it was a mountain, or would I say to myself, “That’s not a mountain, it’s just a big chunk of limestone”? "What’s your youngest child’s nickname?"
I don’t have any children. I could make up a fictional child, but what are the chances I’d remember that? I could substitute a pet. My youngest cat is named Albert. He doesn’t have a nickname. I could put in his nickname as “Albert” and hope that if I got asked the question I would remember that I subbed in a cat for a child and that I used his name instead of a nickname. "Other than where you live, what’s your favorite city?"
I don’t have a favorite city. I also don’t have a favorite TV show, a favorite cartoon character, a favorite song, a favorite movie, a favorite fictional character, or a favorite pet. These answers change all the time, so putting them down as security questions would require that I write down the answers to my security questions on a piece of paper and tape it to my computer. Very secure!
Am I the only one who is running into this problem?
Those are some stupid questions! One that REALLY pissed me off, though I can’t remember who it was (someone relatively unimportant though) enough to write and complain, was one where they asked you “What city were you born in?” And had it in this format: city, zip. I dashed off a furious letter, asking did they think all of their client were US born only and had zip codes? I told them I couldn’t do business with them simply because I couldn’t put in a zip. I wasn’t about to make up a city in the States; I’d never remember what I put in.
The airheads at one of my credit cards, instead of asking me the secret question, asked me what the secret question was. Since I answer these things on dozens of sites, I had no clue which one I’d used on their site. When I asked to speak to a manager I was able to get through, but I gave him an earful about their absurd logic.
I’m still a bit too annoyed by the ones with the picture.
I have no idea how that is supposed to make me secure. I pick out a picture.
Then, the next time I log in and enter a password, they ask “is this your picture?” to which the answer is always always yes. Every single time, the answer is yes.
How does that help anything? I’m sure the thief also knows “well, they always show the picture - so, ‘yes, it is the right one. Hmmm… amarinth likes clocks.’” (not my real picture)
If I had to pick the right picture out of a picture lineup, that might be interesting - but as it is? what? Why? Who convinced everyone that this was a sure way to security and more important who was the idiot who believed them?
But as for the questions, once all of the available options were questions about my spouse. His birthday, my mother-in-law’s name, etc. Great questions, if I were married…
It’s not a password-security measure, it’s an anti-phishing measure. Even if a phisher does a good job replicating the site, they only have a 1 in whatever chance of getting the picture right for your account. Even better if you don’t pick a stock picture and could upload something of your own.
Its not even a very good anti-phishing feature. Phishers will just adjust and send out “Please Update Your Photo” emails. Wouldn’t slow them up for even half a day.
I had trouble accessing my bank account online so I called in, the guy I spoke to asked me simply what was the answer to my security question, I said “aren’t you actually supposed to ask me the question so I know what answer to give?”. So I randomly spouted off pet names and cities I was born in and parent’s maiden names. In the end he just had to accept that I was who I said I was but he never really asked me the damn question.
That makes sense, now that you’ve explained it. You know who totally failed to explain it?
The banks.
So had I been the type of person who believed all of my spam and logged into the almost, but not quite, bank look alike and entered my passwords - I wouldn’t think “no picture. They must be phishing.” I would think “Thank goodness they got rid of that stupid picture thing” and been robbed anyway.
Luckily, even though I didn’t know how the picture thing worked - I did know better than to go to the Fifth Third Bank enter my password quickly before my mortgage payments increase because (a) I’ve only ever heard of Fifth Third bank through spam and (b) I don’t have a mortgage.
I wish instead of going through all the option submenus first, they would start with a list of everything you will need to pass the security test. You could hang up then and spend a half an hour finding what you need to find your balance or order status. The drug programs are the worst. You can get five to ten minutes into the hurdles and still not complete your refil order. I had to enter three different reference numbers of about 20 charactors each one, and there was now press if this is correct, it was sorry that is an invalid entry, please try again. It took me one week to get the order filled . No human option was available. I had failed once again and entered random numbers for like 30 seconds before I hung up. In one more day the refil would be invalid. I called again, and the system must of used the caller id to send it to a person because it got all the random crap on the last call. Guess what? They where taking over for filling the perscriptions for the first company, but all the data had to be rentered into their system, Blah blah blah. The system didn’t work if you used the correct numbers, because it was broken. So the damn thing was broken and the people accross the country had no way through the menu to get a prescription filled. I tried for up to a half hour for a week to get a refill and the only system was broken to do it, and they knew it was not working, and you had no way to get a person on the line.
You know Patty O’Furniture, that’s exactly what I do. Shhhhh!
(I guess it’s just like a backup password, and I feel it’s more secure than many of the stupid questions where many of my friends and relatives would actually know the “secret” answer.)
I don’t know why credit card companies and banks even ask the security questions in the first place since they don’t seem to care too much about my financial security. I have had to call every financial institution that sends me crap (preapproved credit card applications, blank checks to use for my current credit cards, etc) and opt out of the service which takes up to 60 days! One time I got an envelope that was open, completely unsealed, with a letter inside about keeping my account secure and inside it had 5 of those blank checks to use against your credit card.
I don’t consider a back up security question a good idea for most places. Somebody that is stealing my identity, likely has my mother’s maiden name or my birthday, or my high school’s name, or you get the gest of it. To gest, to joke, to cry.