OK, so there’s some SERIOUS security flaws in banking & reporting frauds. I just found I had some fraudulent shit happen on my card, I’m trying to call the fraud people, who aren’t exactly part of my bank, or is some extension of my bank. I call these assholes with my case number, then they want my account number (full), card number (full), or my SSN (full) before going on with the call.
Exactly who is it that has had their shit compromised, that would then give any of that info out, over the phone, and to some fucking 3rd party call center (yes it is, regardless of how much they try to convince you otherwise)?
1. The call center should have at least either the email address that the claim is tied to or the phone number that the claim is tied to on file, in association with said claim number.
2. Why can’t they confirm the number I’m calling from as the number that is tied to the account? Haven’t we all had caller ID for like ever?
3. After confirming the phone number with the claim number, if they need an additional confirmation, why not confirm the email address?
4. If you need further confirmation, pick a sequence of random numbers dictated by the system you are tied into of I don’t know, the middle 5 numbers of your account number, card number, or SSN? Or any variation of that?
The banks should realize that you should NOT be giving any of this information out over the phone at all, to anyone. That’s how this shit started, some bastard at some call center with some paper and pen writing this info down and getting the rest from the screen, then boom, more fraud (oh, and trust me, they’ve gotten better at it). Yeah, no fucking thank you. They need better and more reasonable security measures and confirming the full account number, SSN, or card number, over the god damned phone is so very far from secure, that it should be invalidated as a process, ESPECIALLY when calling these fraud centers or even the bank call centers.
This is ridiculous.
By the way, if you think everything is fine because they have some CIA like security type shit at these call centers, where they check employees for paper, pen, USB sticks, SD cards, cell phones, etc, you’re fucking SUPER wrong. That costs too much, and there is no way that ANY call center, ANYWHERE in the world could afford to do this, and there are literally ZERO workers that would go through that for some shit wage (because call centers are all shitty wage places).
Can we get some 2 or 3 factor security thing going for when you call the fraud lines? You call some auto generated extension at whatever call center from the phone that your account & complaint is tied to, then maybe one or 2 additional questions to be verified verbally. How about that? There are literally probably 10,000 security permutations that you can come up with that would be WAY more secure than the current systems.
Shit, did I just come up with a business plan? Any people with money wanna back this? Seriously, this is what the security should be for banks and their fraud centers, at a minimum.