|Back to Action Line|
|Dan Levin||February 15th 2012|
BB&T bank is among the nation's best regional banks. Certainly, it is among the fastest growing through a series of timely acquisitions in various states. Hundreds of cozy branches staffed by friendly officials now dot the commercial districts of North Carolina, Florida, and Maryland.
Unfortunately, in the opinion of some of its customers, the bank has taken a giant step backward with its new online security questions. It seems the bank has revised its security questions to emphasize childhood and child memories that may not apply to many grown up adults.
For example, "What was your favorite place to visit as a child. What was your dream job as a child? Who was your favorite childhood friend? What is the name of your favorite mentor or teacher? What was your childhood phone number? If you could be a character out of any novel, who would you be? What is your dream car? Where were you New Year's 2000? If you won a million dollars, what is the most extravagant purchase you would make?"
The winner may be "What is the name of your most memorable stuffed animal?"
Without creating answers "that are easy to remember," customers could not log onto their BB&T accounts to pay bills and undertake other transactions. The prior set of three personalized security questions was no longer functional.
One Maryland customer complained in a letter about "BB&T's desire to treat me as a child and insult my intelligence. This means you have no respect for your customers." The new slate of childhood-oriented questions are not standard security questions. Nor are customers permitted the option increasingly seen on other secure sites: "Create you own questions." The Maryland customer complained, "The majority of these elementary questions are aimed at children or child-like customers and seem to have been created by a high school hacker."
Apparently, no one at the consumer side of the bank had any power to address the new slate of security questions. The complaining customer was compelled to create three random and arbitrary answers to remember in the event of a genuine security challenge.