Bank's antifraud tactics stun security expert: How much do they know?

Checking out of a Hilton hotel in London, security expert Roger Thompson was told his Visa card had been declined due to suspicions it was stolen, a situation that only got more disconcerting when he learned the bank that issued the card had more personal information on him and his family members than he ever imagined.

In a tale he relates in his blog, Thompson, chief research officer at AVG, said he was compelled to answer questions on the phone from a Wachovia Bank representative in its fraud-prevention division to prove he was really Roger Thompson and not a credit-card thief checking out of the London hotel.

Implementing Best Practices for Web 2.0 Security : Download nowIt turns out Thompson's Visa card was flagged and suspended because he hadn't told the bank he was travelling overseas, a requirement he didn't know the bank had. But the "scary bit" about it all, he says, is that the bank fraud-prevention representative didn't just ask him to give the correct answers to questions such as his mother's maiden name, which he had provided to the bank for fraud detection purposes, but also a host of other questions about his daughter-in-law that he had no idea it knew.

"I was in shock," Thompson says about what he found out that Wachovia Bank had stored "at their fingertips" related to his daughter-in-law -- information Thompson thinks the bank may have found out through Facebook.

"They used her maiden name, they knew she was my daughter in-law, they wanted me to best describe the age range for this person," Thompson says, adding that he was in "shock and indignation" about how they would know all this, including how long she was married.
<snip>
Thompson , a security expert with decades of experience in identifying malware, fraud and hacker exploits of social-networking sites, such as MySpace and Facebook, says he doesn't see this as an issue around Facebook per se. Rather, this is about what kind of data that corporations may be collecting from Facebook or other social-networking sites -- if they are. He adds this strikes him as a serious data-privacy issue, and he notes that if a bank has this kind of database information on him, "they probably have it on you, too."
http://www.networkworld.com/news/2009/121409-bank-antifraud-measures.html

Too much of a brave new world eh? FYI to all.

Is the results of the banks outsourcing operations overseas and paying people shit wages in corrupt countries. They are more susceptible to stealing bank data for organized crime than Americans.

You get what you paid for, fucking traitors.

If you think about it, it's much safer than so-called "security" questions like "what's your mother's maiden name?".

They may have the information because DIL is also a customer... or it could easily come from a public database. I don't see that Facebook had to be involved at all.