Bank of America’s Incredible Security Flaw
September 5, 2007 – 6:49 pmI pulled up to the ATM, inserted my card, typed in my PIN, and was rejected — looks like I forgot it. I parked, went inside, and waited for a teller.
“How may I help you?”
“I need to make a deposit.”
I handed the teller my deposit and was given a receipt for the transaction.
“Is there anything else I can do for you?”
“What is the procedure for changing my PIN?”
“Go see the man at the end of the row and he can help you.”
“May I have your ATM card?”
“Sure.”
I was handed the keyboard for the computer on which the teller was working, entered my PIN twice, and told that “they” (the tellers) couldn’t see what I was entering and that my PIN had been successfully changed.
So what’s wrong with this story? I was at no point asked for any form of identification. You may be thinking that my ATM card had my picture on it; it doesn’t. You may also be thinking that the teller recognized me. I’d never seen him before; how could he know me?
I decided to be a good citizen and report this problem to the Bank of America corporate office so that they might prevent this from happening in the future. I called the 1-800 number for customer service, waited on hold for about 10 minutes, and finally spoke to a representative. I informed her of the situation and she had me on and off hold five or six times trying to get all the details. This went on for 25 minutes before she told me that the “service request” had been entered and would be sent to “the people in the back”, whatever that means.
I have a feeling that if you found someone’s Bank of America ATM card you’d have no problem changing the PIN by simply walking into a branch office and asking to change it. So sad…
No related posts.
RSS Feed
