how do I know who YOU are?

Thursday, Oct 28. 2004  –  Category: Musings

A thought crossed my mind today as I called TechCU to report that yes, I had lost yet another ATM card (well, left it in the machine, which I assume then ate it for lunch). To the girl who answered the phone’s credit though, she didn’t ask me why I was requesting my 4th card in the past 6 months.

Anyway, she asked me to confirm my date of birth, my membership number, and all that usual stuff… which makes me wonder, how the hell do I know who YOU are? I realise the need to confirm who I am, that’s obvious. And I know that I’m dialing the # listed on the TechCU web page - but who’s to say that: 1) the web page hasn’t been hacked and had its phone number altered? 2) the phones haven’t been diverted

(1) is more likely to happen than (2). Web servers get hacked all the time, but usually by kids who put up intellectually thought-provoking messages like “J00 HAVE BEEN OWNED.”, or something else obvious that is immediately noticed. But who would notice if the webserver had been hacked, and someone changed the phone number on the “Contact us” page? Hrm…

In any case. There should be some method that I should be allowed to use to authenticate the other end. This could be as simple as a password/passphrase, which I think would work. Why don’t we do this?

Leave a Reply

Comments will be sent to the moderation queue.

Recent posts

Categories

Grommit

Mozilla

OpenSolaris

Songbird

Archives

Meta