| By Jim Bruene on October 15, 2009 5:55 PM | Comments (4) |
This is a somewhat perplexing message to receive after logging in to online banking. It seems almost phish-like (especially with that old-school corded phone in the picture):
A recent review of your account indicated that we are missing your date of birth. We use this information to help verify your identity. Please call us at the 1.800 Customer Service number on the back of your credit card so we can update your file.
I guess I can understand the bank wanting my birth date, but it brings to mind several questions:
- Why are they asking me now? I've three accounts there, with one dating back to the 1980s. Is something wrong? Has my account been accessed by someone else? Then my more cynical side thinks, did this request come from the marketing dept. or the security folk? Bottom line: the bank should provide a more detailed explanation via a "more info" link.
- I have to CALL, really? Why can't I do this online? Will I have to endure a cross-selling session when I make the call? Will I have to go through the entire phone tree to get to an operator? The least the bank could do is provide a direct line for the task.
The whole thing seems like a ridiculous waste of time. A five or ten-minute journey through call center menus in order to provide six numbers to a live operator. Plus, won't this extra call-in requirement drastically reduce user response?
Bank of America interstitial after logging in to online banking (14 Oct 2009, 5 PM Pacific)
Most Recent Posts:
v2.gif)
You have to call because of phishing. This method prevents their customers from trusting the "we're updating our records, gives us your personal information" emails and fake login screens that are so often used to phish identities and accounts.
@Blair S
I would guess you are right...but still seems like overkill. I'm already logged into online banking, so it's not a traditional email phish. I know that malware could trigger a fake ad, but only asking for my birthdate wouldn't be much of a score for the phisher. I suppose they could ask for more once they got the birthdate.
I have a different theory that relates more to your first point. Banks are plagued with multiple accounts for the same person and for similar names. It is only possible to co-relate customers to somewhere between 60 & 80% based on the narrow view of name and address which many old accounts have as their primary data. Adding DoB is one way to simply add a useful piece of data.
I would guess while they have you on the phone, they will be scripted to ask other questions too.
When there are any changes or problems with my account, my bank calls me and provides solid evidence they are the bank and not someone trying to steal my information. This is an annoyance to the customer as it is the banks fault for losing or making the mistake regarding your DoB.