April 04, 2006

Improving credential collection, one site at a time

I recently opened a savings account at ING Direct. I was impressed with the login screen.

The first time I hit the page, it asked for:

  • Customer number

  • First 5 digits of my mailing zip code

  • And my PIN, transcribed visually into letters (see the picture; it is worth 1000 words!)



The second time I hit the page (F5 - refresh), it asked for:

  • Customer number

  • The 4-digit year of my birth date

  • And my PIN, transcribed visually into letters, but using a different set of letters corresponding to each number (again, see the picture!)



After a few more refreshes, it asked for:

  • First 4 digits of SSN

  • Last 4 digits of SSN

  • First 3 digits of SSN

  • Last 3 digits of SSN



True, if you know my customer number, birthday and SSN I'm still pretty much out of luck, but at least the PIN-to-letter transposition along with the rotating credential combinations could help slow down an automated attack!
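To make the mechanism concrete, here is a small server-side model of the two ideas above: a fresh random digit-to-letter keypad on every page load (so the letters a user types are only meaningful against that one keypad and cannot simply be replayed), and a randomly chosen pair of secondary questions drawn from the list the post describes. This is an added illustration written for this post, not ING Direct's code; the challenge keys, the `LoginChallenge` class and the customer record are assumed names and constructed sample data.

```python
import hmac
import secrets
import string
from dataclasses import dataclass

DIGITS = "0123456789"

# Secondary questions the page rotates between (wording from the post;
# the dictionary keys are assumed names for this example).
CHALLENGES = {
    "zip5": "First 5 digits of your mailing zip code",
    "birth_year": "4-digit year of your birth date",
    "ssn_first4": "First 4 digits of SSN",
    "ssn_last4": "Last 4 digits of SSN",
    "ssn_first3": "First 3 digits of SSN",
    "ssn_last3": "Last 3 digits of SSN",
}

# Constructed customer record for the demo; a real system keeps these
# hashed at rest rather than in the clear.
CUSTOMER = {
    "customer_number": "12345678",
    "pin": "4711",
    "zip5": "10001", "birth_year": "1975",
    "ssn_first4": "1234", "ssn_last4": "6789",
    "ssn_first3": "123", "ssn_last3": "789",
}


@dataclass
class LoginChallenge:
    """State the server keeps for one rendering of the login page."""
    keypad: dict      # digit -> letter, unique to this page load
    questions: list   # which secondary questions were asked this time
    used: bool = False


def make_keypad(rng=None):
    """Ten distinct random letters, one per digit (what the picture shows)."""
    rng = rng or secrets.SystemRandom()
    letters = rng.sample(string.ascii_uppercase, 10)
    return dict(zip(DIGITS, letters))


def new_challenge(n_questions=2, rng=None):
    """Build the challenge for one page load (a refresh yields a new one)."""
    rng = rng or secrets.SystemRandom()
    return LoginChallenge(keypad=make_keypad(rng),
                          questions=rng.sample(sorted(CHALLENGES), n_questions))


def encode_pin(pin, keypad):
    """What the user types after reading the PIN off the on-screen keypad."""
    return "".join(keypad[d] for d in pin)


def verify(chal, customer_number, pin_letters, answers, record=CUSTOMER):
    """Server-side check. Each challenge is single use, so captured letters
    cannot be replayed against it, and a new page load has a new keypad."""
    if chal.used:
        return False
    chal.used = True
    inverse = {letter: digit for digit, letter in chal.keypad.items()}
    try:
        pin_digits = "".join(inverse[c] for c in pin_letters.upper())
    except KeyError:            # letter not on this keypad at all
        return False
    ok = hmac.compare_digest(customer_number, record["customer_number"])
    ok &= hmac.compare_digest(pin_digits, record["pin"])
    for q in chal.questions:    # only the questions actually asked count
        ok &= hmac.compare_digest(answers.get(q, ""), record[q])
    return bool(ok)


if __name__ == "__main__":
    chal = new_challenge()
    print("keypad:", chal.keypad)
    print("asked:", [CHALLENGES[q] for q in chal.questions])
    typed = encode_pin(CUSTOMER["pin"], chal.keypad)
    print("user types PIN as:", typed)
    print("login ok:", verify(chal, "12345678", typed,
                              {q: CUSTOMER[q] for q in chal.questions}))
```

The point of `used` and of generating the keypad per page load is that the letters an attacker observes are bound to one mapping that is never shown again; pairing that with a randomly chosen pair of secondary questions means a script cannot know in advance which fields to fill in.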

All that plus a better rate on my savings account! :)

cheers
jk
