Bank's antifraud tactics stun security expert: How much do they know?

Banks are obtaining personal information not voluntarily provided by a customer

Checking out of a Hilton hotel in London, security expert Roger Thompson was told his Visa card had been declined due to suspicions it was stolen, a situation that only got more disconcerting when he learned the bank that issued the card had more personal information on him and his family members than he ever imagined.

In a tale he relates in his blog, Thompson, chief research officer at AVG, said he was compelled to answer questions on the phone from a Wachovia Bank representative in its fraud-prevention division to prove he was really Roger Thompson and not a credit-card thief checking out of the London hotel.

It turns out Thompson's Visa card was flagged and suspended because he hadn't told the bank he was travelling overseas, a requirement he didn't know the bank had. But the "scary bit" about it all, he says, is that the bank fraud-prevention representative didn't just ask him to give the correct answers to questions such as his mother's maiden name, which he had provided to the bank for fraud detection purposes, but also a host of other questions about his daughter-in-law that he had no idea it knew.

"I was in shock," Thompson says about what he found out that Wachovia Bank had stored "at their fingertips" related to his daughter-in-law -- information Thompson thinks the bank may have found out through Facebook.

"They used her maiden name, they knew she was my daughter in-law, they wanted me to best describe the age range for this person," Thompson says, adding that he was in "shock and indignation" about how they would know all this, including how long she was married.

The bank fraud-prevention representative indicated it was all "publically available information," he says. At the hotel on the phone, Thompson answered the questions about his daughter-in-law, the bank lifted the suspension on his credit card, and he paid his bill and left for the airport.

Thompson says he wracked his brain to figure out where the bank may have gotten this information about his daughter-in-law but he could only reason it was from Facebook, where she's a friend.

Thompson , a security expert with decades of experience in identifying malware, fraud and hacker exploits of social-networking sites, such as MySpace and Facebook, says he doesn't see this as an issue around Facebook per se. Rather, this is about what kind of data that corporations may be collecting from Facebook or other social-networking sites -- if they are. He adds this strikes him as a serious data-privacy issue, and he notes that if a bank has this kind of database information on him, "they probably have it on you, too."

Wachovia, now owned by Wells Fargo, wasn't immediately available for comment on whether they do harvest information from social-networking sites for purposes of fraud detection or where they are obtaining personal information of this type not voluntarily provided by a customer.

Tags privacyFacebook

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ellen Messmer

Network World

1 Comment

Anonymous

1

That is scary

I find this story quite scary because here you have a security expert and who has taken all the steps I'm sure to be as secure as possible with his information and the information he gives out and a bank somehow has more information about him, his life and friends. There has to be a limit as to what the banks and government should be allowed to harvest. I would say that there should be some sort of system to allow the victim to see what information is being stored on him/her. If they can collect then we as citizens should be able to view what is being said or collected on us.

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?