Your Bank Might Know More About You Than You Know
Many Internet users, especially those who use social networking accounts, expose information about themselves but also friends and colleagues on the Internet.
You have probably read stories in newspapers in the past that cyber criminals are using those information to create false identities, or trap friends and colleagues into thinking that they are actually someone they know. What has not been discussed nearly as much is if and how companies and organizations like banks deal with those information.
It is common knowledge that many companies search for information online about future employees, but the story that Roger Thompson, AVG's chief research officer, posted on his blog seems to suggest that companies use publicly available information for other things as well.
Roger went on a business trip to London and was told during checkout that his Credit Card was declined. A call to his bank revealed that the bank had suspended the card because they did not know that he was traveling overseas.
The scary bit happened in the process that followed on the phone to un-suspend it. It started with the usual questions including the last four digits of the security number or the mother's maiden name. What then followed was unsuspected. The bank employee told Roger that they had a couple of more questions "from publicly available information".
The employee asked questions about Roger's daughter in law using her maiden name (which she apparently has not used for more than nine years). The only publicly available information that connect Roger to his daughter in law is their friendship at Facebook.
Now, I’m not accusing Facebook of _anything_, but one wonders…. I can’t believe Facebook would sell our data, so … is someone “harvesting†it?
The bank employee did not reveal the source of the information and it might have been that this has nothing to do with Facebook as there are other public records available that can be used to connect people to each other.
The bank might however have used Facebook in this case and other publicly available information in other cases for the verification process. The danger with those kinds of information is obviously that they are publicly available meaning that the bad guys can also access those information.
How would you react if your bank would ask you these questions?
I don’t care. If I post something on the web or “befriend” somebody – bank may use it as well.
There are a lot more dangerous people.
It is clear from other threads that I’ve seen that Facebook data is indeed for sale and that many company’s have access to the “private” data. Indeed, the terms and conditions do NOT exclude this “use”.
So I am sure that the bank does indeed have access. However, if my bank did that to me I would certainly go ballistic. I would then demand to know ALL of the information they hold about me. I would then contact the Data Commissioner and ask some pointed questions about the banks data protection processes.
Of course, being somewhat knowledgeable about these things, I can say that I NEVER put anything on Facebook that I wouldn’t be happy putting on an open website. I sincerely hope that articles like this raise awareness of this gaping hole in “privacy”.
Regards, Julian Knight
http://it.knightnet.org.uk, http://www.totallyinformation.com
Scary, but standard. I’ve been through that with my payroll company. After changing my password at the end of the month, as opposed to when it expired, I couldn’t access their server. I had to call and answer a ton of questions first. I had a fit.
Not because they were pulling public info and storing it, although that absolutely got my attention. What really got me was much of what they were basing their “Identity inquiry” was almost half inaccurate. Choices of streets I had never resided on, information that would have been true… were I my father, and a criminal offense committed by someone who’s last name and first initial were the same, but lived two thousand miles away.
With all the effort that they are putting into identifying customers, they should considering paying someone, just one dude even, to validate the information’s accuracy.
I agree, this is scary.
I don’t understand why the bank would interfere with a legitimate transaction and I definitely would not want my bank to be following me around – that’s just crazy.