![[FSF Associate Member]](http://www.data-raptors.com/images/fsf4867.png){kind=small}
Thu, Feb 08, 2007
Credit Union Follow-up
Posted at 6:00 pm MST to Technology
I pasted a copy of my previous Credit Union related post into an email and sent it to their contact address. Talking about them behind their back wouldn't give them a chance to fix things.
Today I got a phone call from an account manager at Bellco, who apologized for the mess with my credit card account and assured me they would try to improve. Note that I am now providing a link to their site.
We discussed a number of aspects of the site, including the credit card company's new security measures involving little pictures, which seem to be a case of security theater: something done for the sake of doing something, not because it is effective. Frankly I have additional doubts about the system: when I tried to configure it, it would NOT allow me to select anything but the default image. So I have no limited defense against a phishing site that can find out what the default image is.
Another financial site authentication method I encountered is also very lame. (It may have been the same bozo credit card site.) You have to select five questions to answer from specific groups of questions that they provide. The questions are not designed for childless spinsters with deceased parents and various other outlier characteristics. I suspect that if I ever need to re-authenticate at that site, I am doomed. A site that asks for Mother's maiden name should not also insist on a value with more than 3 characters. And there was at least one question where all but one of the options would have needed "Not Applicable" as an honest answer (which I didn't think to try at the time).
Security theater. Feh.
permanent link || trackback || 0 comments || Add a comment