Your Bank Might Know More About You Than You Know
Many Internet users, especially those who use social networking accounts, expose information about themselves but also friends and colleagues on the Internet.
You have probably read stories in newspapers in the past that cyber criminals are using those information to create false identities, or trap friends and colleagues into thinking that they are actually someone they know. What has not been discussed nearly as much is if and how companies and organizations like banks deal with those information.
It is common knowledge that many companies search for information online about future employees, but the story that Roger Thompson, AVG's chief research officer, posted on his blog seems to suggest that companies use publicly available information for other things as well.
Roger went on a business trip to London and was told during checkout that his Credit Card was declined. A call to his bank revealed that the bank had suspended the card because they did not know that he was traveling overseas.
The scary bit happened in the process that followed on the phone to un-suspend it. It started with the usual questions including the last four digits of the security number or the mother's maiden name. What then followed was unsuspected. The bank employee told Roger that they had a couple of more questions "from publicly available information".
The employee asked questions about Roger's daughter in law using her maiden name (which she apparently has not used for more than nine years). The only publicly available information that connect Roger to his daughter in law is their friendship at Facebook.
Now, Iâ€™m not accusing Facebook of _anything_, but one wondersâ€¦. I canâ€™t believe Facebook would sell our data, so â€¦ is someone â€œharvestingâ€ it?
The bank employee did not reveal the source of the information and it might have been that this has nothing to do with Facebook as there are other public records available that can be used to connect people to each other.
The bank might however have used Facebook in this case and other publicly available information in other cases for the verification process. The danger with those kinds of information is obviously that they are publicly available meaning that the bad guys can also access those information.
How would you react if your bank would ask you these questions?Advertisement