Discussion in 'privacy problems' started by ronjor, Mar 27, 2012.
That easy? This is why this kind of affairs (dealing with the bank, etc) should always be done face to face. Never over the telephone.
It's scary how easy it is and how difficult it can be to stop. I had to spend 4 hours on call with my bank to get a special request on my account to NOT accept any changes over the phone. I also had them freeze all internet transactions. I have a second bank with limited funds (never more than $100 in there) for online and over the phone transactions.
In my country, there isn't a single bank that will allow you to make a transfer without inputting a 6 digit SMS verification code - be it for local or international transfers. Even if you want to make a transfer via phone, they will still ask you for this SMS. And if you lose your phone and want to change the number, you need to do it personally in the bank. To be honest I am very surprised at just how weak bank protection is in many US banks, and western European banks as well.
Also, I am not really sure this situation qualifies as identity theft. Personally I think it is way closer to just "theft", but I think the phrase Identity Theft is overused on purpose by the media, since it is current and draws attention.
This incident should help tighten up security a bit, hopefully.
On a side note, a bit related to issues involving banks, I found out that quite a few banks in my country don't offer https by default, although they do offer it. The problem is that all of them request their clients to enter an initial access code in an insecure http form.
This also includes my bank. I actually fought against it quite sometime ago, and I did manage to make them to fully support https, including in their initial page, where clients enter their initial access code.
But, and I don't recall if it has ever been, they no longer offer https as a first option, and it has insecure content as well - http. When I made them offer full https, it didn't have any insecure content, from what I can recall.
I suppose this will require a new fight.
Another bank seems to have an https version, but it won't stay in it, I keep getting redirected to a http version. Even when I force https, it won't work; I'm not able to access it, at all.
This shows how banks simply do not care, at all. Unless, they get bad publicity. It's time for some more.
Separate names with a comma.