A post relating to this item from Finextra:
16 June 2009
US financial services firms have lost the battle to protect the personal information of customers and must now assume that all their clients' data has been, or will be, compromised, according to Tower...
Reaction to the article of TowerGroup
Regarding the usage of "traditional" account information (name, address, birthdate...) as an authentication factor, I guess we can say that, at least in the Finextra Community, we know that this type of data was compromised long before being put on the spot by the successive data breaches.
Even before the series of data breaches, this type of "traditional" information was already easily available on the web via social networks and deep web search tools. There is always a trace somewhere, even if you never enter your info on a website.
Concerning the recommendation of using knowledge-based authentication and one-time passwords delivered via SMS, I could not agree more.
The type of information that needs to be used for authentication has to be dynamic, and the process itself must include an out-of-band channel to be insensitive to the latest hacking techniques.