Thursday, March 1, 2012

Key Bank, (in)Security & Datafarming

Today I logged into my bank account at Key Bank, and after answering my security questions (crafted with years of experience), instead of being sent to my account pages, I was thrown to this page:

I have no loans with Key Bank. I have no credit line with Key Bank. I have nothing with Key Bank but a checking account, with no Direct Deposit, no tie-ins, nothing; a plain old-fashioned manual checking account.

Look at what they are asking for: height (last time it was driver's license number), employment history information, car registration information...

This is the second time I have been forced to go through this "verification process" without ever having given Key Bank this information. Key Bank has absolutely no business having this information. I put money in; I take money out. I do not Direct Pay any bills; I maintain absolute manual control over my banking processes.

Not only is this bypassing my own crafted security, it is destroying my own security. They are linking my bank account to publicly-searchable information, which is no security at all; it is a menace to security. They are compiling my separate data in one place, which means if they are hacked, the crackers get all of my information in one nice package.

This is a security threat, Key Bank. This is irresponsible, reprehensible, stupid and way more intrusive than you are allowed to be as a handler of my money, which you make profits from. I am not your child; I am not your consumer. I am your customer, your client.

6e * 65 * 74 * 77 * 6f * 72 * 6b

Key Bank, you are history; I'll be changing bank accounts tomorrow and deleting you from my existence. You are also now the target of an information campaign to spread awareness of exactly how insecure your systems are, how inadequate and possibly-criminally negligent whatever unqualified bonehead "security IT person" injected this process into your verification system & are under suspicion of selling my data for profit in a way you were never authorized to do. Congratulations. Enjoy the feedback.

6e * 65 * 74 * 77 * 6f * 72 * 6b