First up, credit to the blogger who first raised this little absurdity: go and check out Tongodeon, who originated this story. I cover it here for two reasons:
This bank has set up a new authentication measure for identifying customers who phone the customer service line. In addition to the other identification data they need to provide, they are also required to provide a secret question and answer of their choosing. Basically the operator will ask the question and the customer will provide the pre-determined response. Now this is fairly similar to the common Australian practice of providing a password in addition to personal information to verify your identity; a practice similar in its level of security deficit but not as much fun I guess.
Both of these practices put a lot of trust and faith in the operator you are speaking to. Whoever takes your call will gain all this information and potentially have the ability to use it for nefarious purposes. Combine this with the fact that call centre operators are generally not very well paid or are on rather poor work contracts, and I think this reveals an accident waiting to happen, particularly when inexpensive technology such as an RSA key is readily available.
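The replay problem described above, as an added example that is not part of the original post. It uses the open TOTP algorithm (RFC 6238) as a stand-in for a hardware token's one-time code, which is an assumption; the seed, the answer and the call times are constructed sample values.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each one-time code stays valid (RFC 6238 default)


def totp(seed: bytes, at: int, digits: int = 6) -> str:
    """RFC 6238 one-time code (HMAC-SHA1, RFC 4226 dynamic truncation)."""
    counter = struct.pack(">Q", at // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def check_static(stored_answer: str, spoken: str) -> bool:
    """Secret answer or phone password: the same words work on every call."""
    return hmac.compare_digest(stored_answer.encode(), spoken.encode())


def check_token(seed: bytes, spoken: str, now: int, used: set) -> bool:
    """Token code: valid for the current time step only, and only once."""
    step = now // STEP
    expected = totp(seed, now).encode()
    if step in used or not hmac.compare_digest(expected, spoken.encode()):
        return False
    used.add(step)
    return True


def replay_demo() -> dict:
    """What an operator hears on one call, tried again on a later call."""
    answer = "constructed sample answer"       # constructed secret answer
    seed = b"12345678901234567890"             # constructed seed (RFC test key)
    call_1, call_2 = 59, 1111111109            # constructed call times (epoch s)
    used: set = set()
    heard_answer = answer                      # operator hears the whole secret
    heard_code = totp(seed, call_1)            # operator hears one 6-digit code
    return {
        "token_first_call": check_token(seed, heard_code, call_1, used),
        "token_reuse_same_call": check_token(seed, heard_code, call_1, used),
        "static_replay_later": check_static(answer, heard_answer),
        "token_replay_later": check_token(seed, heard_code, call_2, used),
    }


if __name__ == "__main__":
    for name, accepted in replay_demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```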
But enough doom and gloom. Let’s look at the fun you could have with such a system. Tongodeon has provided a few choice examples to paint the picture of the type of secret questions and answers you could use:
Q: Do you know why I think you’re so sexy?
A: Probably because you’re totally in love with me.
Q: Need any weed? Grass? Kind bud? Shrooms?
A: No thanks hippie, I’d just like to do some banking.
Q: The Penis shoots Seeds, and makes new Life to poison the Earth with a plague of men.
A: Go forth, and kill. Zardoz has spoken.
Q: What the hell is your fucking problem, sir?
A: This is completely inappropriate and I’d like to speak to your supervisor.
Q: I’ve been embezzling hundreds of thousands of dollars from my employer, and I don’t care who knows it.
A: It’s a good thing they’re recording this call, because I’m going to have to report you.
Q: Are you really who you say you are?
A: No, I am a Russian identity thief.
Q: For the remainder of this conversation, “How can I help you today?” actually means “Would you like to buy some mescaline?” Do you understand?
A: I understand completely.
To this I can only add:
Q: As I said one morning walking down the street
A: Singing do-wah-didy didy-dum-didy-do
Q: I see dead people
A: Really? You must be nuts
Q: I think I just wet my pants
A: Oh, would you like me to give you a minute?
Q: Don’t bank here, use the [enter name of different bank] they won’t screw you with fees like we do
A: Gee, thanks for the tip
Q: Would you like a copy of some hot [chick/guy – delete as appropriate] we caught on the ATM camera?
A: Sure would, where can I download it?
Q: Everyone in this office is gay?
A: Not that there is anything wrong with that.
Choice is a wonderful thing. I wonder how long it will take the bank to change its policy?