
Out of Wallet Questions
by Mary Beth Guard, BOL Guru

Your customer, Mr. Imanidiot, is out of town on vacation. When he tries to withdraw a few bucks from his account via ATM, he gets a sad little "Sorry, Charlie" message telling him he doesn't have sufficient balance to cover the requested withdrawal. He calls, madder than a hornet, provides his account number, and demands to know what his balance is, as well as details of his last few transactions, including deposits and withdrawals.

Another customer, Ms. Klewless, calls to say she has not received her bank statement in six months. She gives you her social security number and account number and inquires about what address you have listed on the account.

Before your employees respond to either customer, what procedures would be followed to ensure the call is legitimate?

A few months ago, the banking regulators offered for comment proposed additional requirements for information security programs that would require financial institutions to adopt identity theft response programs. That proposal is still pending. Congress, in the meantime, enacted the FACT Act, which also has many provisions relating to financial institution responsibilities to deter, detect, and respond to identity theft. The point is that the pressure is on for financial institutions to fashion workable ways to ensure the person they are dealing with is who he says he is and, in an established customer situation, that the person who purports to be their customer really is that customer.

One of the eight areas that should be evaluated for information security is logical access controls. That would include procedures to help you authenticate and verify the identity of someone who calls your bank, purporting to be a customer, and inquires about their balance or certain transactions, or who directs you to take certain action with respect to their accounts. It would also include procedures for identity verification that would be applicable when someone contacts your institution and indicates they have lost or forgotten their online banking user name or password.

Increasingly, regulators are frowning on the time-worn practices of asking, "What is your mother's maiden name?" or "What is your social security number?" or "What is your date of birth?" to verify identity. Effectively weeding out pretext callers and blocking account takeovers requires a more creative approach. It requires you to ask the caller something only your customer is likely to know - not a piece of data that can be gained from a stolen wallet or a little research on the Internet.

One method gaining popularity is to ask "out of wallet" questions by pre-arrangement. Your customer chooses from a list of potential questions and supplies an answer that you keep on file in your CIF. Your employee then asks the question and, if the caller is legitimate, receives the predesignated answer, and identity is confirmed.

The key is to construct questions whose answers will be memorable and, for the most part, unchanging. Your system (manual or computerized) must also be sufficient to accommodate the easy storage and retrieval of the information.

We've rounded up some sample questions that we've encountered, as well as many we drafted ourselves to help illustrate the possibilities. You may feel, as we did, that some would not work well, as a practical matter, while others were ideally suited to the purpose.

Sample out of wallet questions:
  • What is your favorite sport?
  • What is your favorite vacation spot?
  • What was the make of the first car you owned?
  • What is your favorite hobby?
  • What do you like to do to relax?
  • What is your primary frequent flyer number?
  • What is your library card number?
  • What was your first phone number?
  • What was your first teacher's name?
  • What is your father's middle name?
  • What is the name of your favorite celebrity?
  • What is your favorite food?
  • What is the name of your favorite city?
  • What is your favorite animal?
  • What is your mother's maiden name?
  • What is your favorite 5-digit number?
  • What are the last 5 digits of your favorite credit card?
  • What are the last 5 digits of your driver's license number?
  • What are the last 5 digits of your vehicle identification number?
  • What are the last 5 digits of your employee ID number?
  • What are the last 5 digits of your Social Security number?
  • What city were you born in?
  • What is your shoe size?
  • How many bedrooms does your house have?
  • Where does your nearest sibling live?
  • What's your drink of choice?
  • What color are the towels in your personal bathroom?
  • What is your ideal weight, in your view?
  • What is the last name of the author of the best book you ever read?
  • What is your favorite musical performer?
  • What is your brother's/sister's middle name?
  • What is your favorite game?
  • What was your nickname in high school/college?
  • How many miles do you live from work?
  • What is your favorite song?
  • What are the first five letters of your favorite song title? (Could also be a movie.)
  • What is your cell phone number? (No directories for this and you get another contact means. With number portability this should improve.)
  • What is your favorite feature about yourself? (A little invasive perhaps, but people like talking about themselves. The answer would need to be concise.)
  • How many siblings do you have?
  • What is your favorite word?
  • What is your grandmother's maiden name?
  • What was the town/city of your grandfather's birth?
  • What is the name of your favorite non-chain restaurant?
  • What is the pet name you gave your first car?
  • What is your favorite color?
We do NOT recommend using an out-of-wallet question that we encountered this evening on an e-commerce Web site: "What is your most frequently used Internet password?" The last thing you want to do is encourage the bad habit of password reuse!

The original version appeared in the July/August 2004 edition of the Oklahoma Bankers Association Compliance Informer.

First published on BankersOnline.com 3/14/05



