We’ve all heard a lot about identity theft. But have you considered the problem of corrupted information being attached to your online identity?
I recently had an interesting interaction with a financial institution. Before they would discuss my account with me, they wanted to confirm my identify by asking a series of personal questions. In theory, this sounds reasonable. In reality, it was a nightmare.
I was told the answers were taken from multiple sources of publicly available information about me. Hmm–in that case, it seemed like other people besides me would have been able to determine the answers, right?
As it turned out, NO ONE would have been able to answer these correctly–because the answers they were looking for weren’t factually correct.
We started with my age and driver’s license number. That was simple. Then they asked about one of my prior addresses. Also simple (and something someone else could have answered). From there, it went downhill. I was asked about a prior employer and given 4 possible choices. None of them were accurate, which I told the customer service rep. She didn’t know how to deal with that and said I had to pick one of the 4 answers. But there was no correct answer, which meant we were stuck. She had no idea how to move forward from there.
She finally agreed to send me login information by mail. I went to the website, entered the login, and lo and behold, was subjected to a similar authentication process. The first 2 questions were fine and I answered appropriately, but the third one was again a multiple choice question with 4 incorrect answers, so I was stuck again. Another phone call. Since they had an established paper address, we got around this by having them physically mail forms to the address they had on file, but it appears there is no way for me to establish an online account with this firm.
Here’s the problem: Somewhere along the line some incorrect information was attached to my profile. This was picked up by the authentication program and passed along as gospel. I don’t know where they got the information from (and neither do they), so I can’t go back and fix the mistakes. The bank’s process is to require correct answers to all the questions, so therefore they couldn’t authenticate me.
We got around the problem that time, but the incorrect information is still out there, somewhere, and sooner or later this will likely happen again. As a business, consider that your need for security needs to be balanced with how best to serve your customer. Online systems like this are far from perfect. What’s your backup plan? How will you handle these situations?
I was not eager to go through the hassle with this institution again. End of story: Case (and account) closed.