Nutty online banking security stuff

[firecat]

I have a mortgage and I pay it online. When I log into the account, this is what usually happens:

1. They demand that I change my password to something different from what it was before. So I do it. I believe that the strongest passwords include letters, numbers, and symbols. So I enter a password like that. Then they tell me I can't use any symbols. So I have to redo it to something less secure.

I have a program that stores all my passwords now, but before I had that, I had trouble remembering what password I was using for this site (because I constantly had to change it and couldn't use symbols) and I kept having to call them up and get them to reset the account.

2. They demand that I answer a "security question" that I previously set up.

3. When I confirm my payment, they demand that I enter the last 4 digits of my social security number.

This seems ridiculous, especially since a mortgage account ONLY INVOLVES MY GIVING THEM MONEY. I can see reasons for using multi-factor security to protect checking accounts and credit accounts, but I can't think of any reason for someone to hack into a mortgage account.

Comments

[pameladean]

I would bet that they just use the same security requirements, if they can be dignified with the name, for all online accounts. If they are an actual bank, they presumably have customers who might remove as well as provide money.

P.

[firecat]

I would bet the same. But the mortgage account has a separate web site and everything.