A few weeks ago, I thought I'd give Huntington Bank a go, so I opened an account and started the process of moving my direct deposit over and all that fun stuff. Yesterday, I get a voicemail from their fraud prevention department; they saw someone log in using tor and froze everything. I call them, verify myself satisfactorily, and am asked if I use tor. A) How is that your business, and B) see A. But I say yes, I use tor, but not for all traffic. After some back and forth bickering, and an attempted lecture of the dangers of using tor (tor is no more dangerous than the open internet, morons), they request I go to a local branch to have them set up a new username/password for me. I do so, the local branch calls the fraud prevention folks, and they refuse to release my account until their security department reviews it. WTF?! So *I* call them back, from the bank branch, and they will release the funds if I'm closing my account, but not if I just need access to them. Double WFT?!?! You'll give me my money if I close my account, but not access to my account, or my money, if I want to keep it open?!?! In what world does that make ANY sense?! So, of course I'm going to close my account. I mean, someone managed to breach it within weeks of being opened, even though I use best practices? Sorry. Not sure I want to bank with you? Then refuse to give me access to my own account because I admitted to using tor?! Even though I don't use it for online banking?! (as a matter of fact, I use it to hide my whereabouts when playing Alternate Reality Games, not that it's anyone's business WHY I use tor.)
So, the person at the branch is helpless to do anything, so starts the process of closing my account. Except my funds are frozen, and she has no idea how to deal with it. So I have to hand MY cellphone to the lady and let the morons at fraud prevention walk her through. During the process, they apparently ask for some sort of security credentials... which she tells them WHILE WITHIN EARSHOT OF ME. So, she's incompetent at closing my account AND at security best practices (hell, I could have dialed a friend and had them claim to be in fraud prevention, and social engineered access to my account, for all she knew... or at least, to her credentials.. which I would now know if I were less than honest and had made an attempt at remembering... Oh... Did I mention she typed her PC login/password while her keyboard was within plain sight of me, too... So I could have that, too, if I wanted...) So, I did what any tech savvy disgruntled customer does... I start tweeting the experience while I'm waiting the 30 minutes AFTER my funds have been given to me for her to be walked through closing my account... At which point, she got extremely paranoid... Are you recording me? No, I'm posting to the internet. Not my number?! That's a federal thing... No, not your number, which anyone in line could have heard and memorized as well...
The TL;DR of it is, thanks, Huntington Bank, for being a bunch of morons and losing me as a customer. It's your own fault. Your tellers need to learn security best practices. Your fraud prevention needs to learn a little about tor and quit attempting to spread FUD about it. And your security department should be a 24/7 operation; you're a bank, for %deity%'s sake! Thank %deity% I wasn't on vacation outside Huntington's footprint, because I'd be stuck there.
No comments:
Post a Comment