You absolutely cannot trust anyone that says "This is for security purposes" anymore. I certainly don't. So imagine my chagrin Thursday night when I received a phone call during the middle of my dinner from someone supposedly from my bank with information regarding one of my cards, but refusing to actually give me said information unless I yielded some personal security data "for security purposes". Color me spooked.

So, paranoia kicking in I immediately check my accounts online. Come to find out that I do have a late charge applied to my card. So I'm pissed about that, because this April charge I believe that I paid in April. I had it on a TODO list and the item is crossed out. But it would have been an online payment and I can't seem to find the evidence I'm looking for in my online account. I'm still working on that because I'm angry that a stupidly small charge on a card that has seen maybe three or four charges total might look bad on my credit report... Apparently I need to be more vigilant that payments actually go through from here on out. But that's beside the point for this particular rant. The important part is that I paid the full amount (original charge + late fee + an absurd amount of interest) as soon as I saw that there was any balance at all on the card.

So I visit it my local branch and bring with me a copy of the number that my cellphone showed for the call and to see if they have any information on my account that I should no about. The teller/manager I talked to mentioned that three reports of fraudulent seeming phone calls had been previously voiced to him in just that day. Go figure that the phone number that the call supposedly came from was indeed the Bank's Credit Collection Office in St. Louis. I don't know why collections was notified about my account for a small charge that was only 15 days overdue. I feel like there is something screwy going on.

The teller and I talked about identity theft a little bit. He said, "they were just asking for the last four digits of your SSN... you would think a thief would ask for the entire thing." As a Computer Engineering student I've seen more Security and Identity Theft lectures than most bank tellers, apparently. SSNs are not secure at all. Period. They weren't meant to be secure. The last four digits is indeed the unique part of the SSN, which is precisely why you shouldn't give it out! The last four are a serial number and incredibly hard to guess without a lot of additional data. On the other hand if a thief had your last four digits and your hometown (city of birth), the thief doesn't have very many guesses to find your full SSN, particularly if you were born in a rural geographic region. If they also have your approximate age, let alone your date of birth, they probably don't need any guesses... Guesses are fast and easy to check in this modern age of computing so do not put it past a potential thief to mind guessing at 4 million possible candidates, much less the 5 or 6 that they would need to find your SSN knowing your last four digits and hometown.

So, I don't know about anyone else, but I would much rather have my bank tell strangers that I'm late on a $40 charge than have my bank ask me for the last four digits of my SSN over the phone on an unsolicited call that I have no way of verifying the identity of the party on the other line. I make sure that my contact information is up to date with the bank. They should just trust me when I tell them my cellphone number. But even if they aren't willing to do that, "for security purposes", the least they could do is leave me a polite message on my answering device to call the 800 number or login to my account online at my earliest convenience. On a side note, I don't understand why collection alerts signal phone calls but they don't bother to put any alert message onto the online system or send an email message of some sort. I did find some "opt-in" alerts, so I guess they sort of have that available... If you search for it.

So I got really pissed today because I got two similar phone calls during lunch today. One went to my cell phone, and being in the middle of a great sandwich I let it go to voice mail. No message was left. The other went to my home phone and a similar "we have information but can't give it without security information" harassment was given to my mom, who then proceeded to call me and wonder if I was in more trouble that I really am. I seriously don't understand why they seem so desperate to collect $40 plus late fees, big national bank that they are. If they were that desperate they might as well have just grabbed it out of my checking account that is attached to the card (the big reason I have the card in the first place is for their overdraft protection) and save me the trouble. Keep in mind that both of these calls were after I cleared the card back to a $0 balance and talked to a local branch. So now not only is the bank's collections office in St. Louis security stupid, they are also inept and I'm angry. I called the bank's 800 number, verified that the calls were indeed from the Credit Collection Office under Card Member Services.

I can't very well complain to the bank for harassing me about a late payment. I can see that that is their bread and butter and they won't give two shits and a shake. On the other hand, I have called back to get the mailing address with which to file a formal Security complaint with the Card Member Services department, which I will do. I certainly don't expect my bank, particularly after seeing all their self-promoting spam about how security conscious they are, using "security" techniques that are prime targets for identity theft and fraud. The difference between my "legitimate" calls and the fraudulent ones that the teller was talking to me about was only on the actual subject matter involved (credit lines and investments rather than credit cards). The bank absolutely should not be asking security questions on calls that are directed to customers, regardless if it is standard practice on calls from customers. There's a huge difference between the two, and the former is the domain of frauds. If customers can expect it in legitimate calls it is all the easier for scammers to do it to unsuspecting customers...

This whole thing has only further affirmed my belief that local branches are your friends and you can trust them and the national offices of national banks are not and you cannot.