Echobit

I recently wrote about security when it becomes a nuisance rather than an effective safety mechanism. Not long ago, I had a similarly unfortunate interaction with a large American bank.

Shortly after I had created my account, it turned out that I’d given them an incorrect mailing address because the agent at my apartment’s leasing office had accidentally written the wrong street number on the leasing papers (well done…). Even though only the last digit was wrong, and the street number one I’d been given didn’t even exist, it meant I had to get in touch with my bank, insurance company, etc., to make sure they all had my correct address.

Unfortunately, changing the mailing address with my bank turned out to be more difficult than expected.

They have a really nice home banking portal and one of the things they allow you to do is update your current address. So, I went ahead and filled out the form and it told me that I should allow 24 hours for the changes to take effect. Upon receiving an e-mail notification from the bank shortly after stating that I’d made changes to my account, I believed my address had been changed successfully (or at least was about to), and I happily forgot about the issue.

Later that same month, I received my monthly statement from the bank in the mail. The address on the letter hadn’t been corrected and was still pointing to my non-existing address, however. (I guess USPS is clever enough to figure out where I live because it’s such a slight error.) I tried calling the bank about the issue, but every time the automatic phone system attempted to forward me to a customer representative the call was dropped.

Being lazy, I refused to give in and go to the local bank office to get the issue fixed, so instead I looked around the home banking site some more. I was pleased to discover that it had a nice “Chat with a customer representative now” feature. Upon activating the feature, a chat window appeared and shortly after a representative connected to the session and asked me in the usual overly polite way what he might assist me with.

I explained the situation, which he was very happy to assist me with. He just needed to verify my identity before he went ahead and updated my mailing address. Fair enough. I patiently answered all of his questions about the number of accounts I had, where I lived (by providing him with my incorrect address), and so on. Eventually he went ahead and updated the address and told me that the change could take up to 24 hours to take effect.

I was happy. I’d found the online chat feature quite convenient as it had saved me a trip to the bank. Even better, though, this time the change had to be effective since it’d been done by a human.

Wrong!

A couple of weeks later I noticed by coincidence that the address listed on my home banking portal was still pointing to the incorrect one. Despite numerous appeals from my friends to just go to the bank to get it over with, I decided to give the customer representative chat feature a last chance.

This time around I made sure to let the representative know that his colleague had failed to do this correctly last time around and that I was running low on patience. He assured me that he would make the change successfully. I just had to answer a few security questions first.

It occurred to me that if I had successfully logged in to my home banking account through the multiple layers of security offered by the bank, why did I have to go through yet another process of verifying my identity by answering a bunch of security questions? A friend of mine suggested that maybe the customer representative didn’t have any information about me when I connected to the chat session. I doubted that, so I asked him:

You: I have a question too. When I joined the chat, does it say who I am or are you relying on whatever I tell you?

Nicholas: Yes, Soren. We have all the account information with us.

You: so why do you have to ask me all these questions? I mean, I’m logged into home banking so you already know who I am since I logged in

Nicholas: I understand that these questions are annoying; however, these are for the security of your accounts.

Nicholas: As your account security is of prime importance to us.

You: I know, I’m just failing to see what extra security it gives since I wouldn’t be chatting with you if I hadn’t already proven my identity when logging into home banking

Nicholas: I completely understand your concern in this matter.

Interesting. Apparently, the bank believes that if they verify my identity multiple times, their online site will be more secure. Honestly, I think this is most likely an issue with the computer system that the bank uses internally, which doesn’t distinguish between assisting customers phoning in or using an online feature. Either way, it just makes the whole customer experience worse since it means we’ll have to go through multiple hoops to do one thing. It also means customer representatives will have to spend more time assisting people.

Added bonus

As an added bonus, I’ve included the customer representative’s last few sentences before I left the chat. I think it really illustrates how overly polite these guys are (or are required to be). To me, it just seems superficial and unnecessary since I know he doesn’t mean it and it just sounds plain stupid:

Nicholas: I reassure you that your concern is very important to us, and will be resolved with utmost priority.

Nicholas: You are most welcome.

Nicholas: Thank you very much for giving us an opportunity to assist you.

Nicholas: It was a pleasure assisting an esteemed customer like you today.