“Three may keep a secret if two of them are dead.” – Benjamin Franklin

If Ben were alive today, he’d need to add a qualifier: “and the third isn’t on Facebook.”

Social media compels many individuals to share the smallest details of their personal lives.  Sadly, while your friends probably don’t care what you had for lunch, fraudsters definitely do.  They also take note of your dog’s name and the alumni associations to which you belong, and they take a very keen interest in your Uncle Bob on your mother’s side.  (Well, they care about Bob’s last name, which your mom used to share.)

Never has so much personal information been readily available to the general public.  It’s surprising, then, that so many financial institutions continue to treat public knowledge as a “secret.”   Recall the last time you enrolled in online banking, reset a forgotten credit card logon credential, or “confirmed” your identity to your mortgage holder.  Did they ask for the last 4 digits of your SSN, your favorite sports team, or your mother’s maiden name?  Did the ease with which you passed their scrutiny make you a bit uneasy?  It should.

You can’t withdraw cash at your bank’s local branch by providing the make and model of your first car.  So why do institutions continue to rely on such flimsy validation for online access?  I believe it’s for one of two reasons.  Either they are avoiding the costs of updating their systems and procedures, or they do not take your security seriously.  Either reason is grounds for you to take your business elsewhere.  (Be sure to let them know why you’re leaving.)

If you decide to continue your relationship with such an institution, there are a few things you can do to better protect yourself:

  • When setting up secret questions, provide complex passwords instead of factual answers.  Favorite food?  DKeue673e8dhds8.  Dog’s name?  Ekdikud87$34d  (boy, is it hard to call him!)
  • Whenever possible, opt in to multi-factor authentication that utilizes SMS texts.  Fraudsters may know what your favorite pizza topping is, but they don’t have your cell phone.
  • Make a little noise.  Let the institution know that you don’t appreciate having your account and identity protected by 1990s technology.
  • Lastly, be mindful of the information you share on social media.  Consider who may be watching your snaps, tweets, and status updates.

Be safe (and secure) out there!

The views expressed are those of Brinker Capital and are not intended as investment advice or recommendation. For informational purposes only.

Tagged: Jim O’Hara, cybersecurity, cyber threats, technology, passwords, social media