It's not the first time that Banks have asked me daft questions in order to identify me.
Every few years of course I have to be sent a new card and as part of that process I have to "activate" it. What do Banks need to know?
First that I have received the card and second that I am who I claim to be.
By all means ask me about the card I have received. What is the account number, expiry date and rather pointless three digit code on the back. This confirms that I have received the card.
Now you need to know it's me who has received it.
Yes I can tell you my date of birth, address and mother's maiden. Sadly so could a fraudster since this is all in the public domain. So how do you check it's me? You ask me what the credit limit is!
Well I'm sorry but that is hardly something I remember. As long as the number is big enough whether it is $10,000, $15,000 or $100,000 it really doesn't matter to me what my credit limit is. And of course your clever credit algorythm has probabally set a
limit of $17,950 which I have no chance of remembering. So why ask if I know what my limit is?
The problem of course is that in a world of social media and accessible public records virtually anything I know about myself is in the publi domain. So how do Banks check from data that I can easily remember, whether I am who I say I am?
That's the question. There isn't a simple answer. But for who ever comes up with the answer the prize awaits.
(PS A security token only proves I have the token and the codes to use it not that it's me)