If you are like many people, you have a Facebook account that is accessible to the rest of the Internet-connected world. Take a look at it and see if it indicates the dates and places where you grew up, went to school, or got married, or if it includes names of pets, childhood friends, etc. Maybe there are postings that celebrate anniversaries, birthdays, and class reunions too. If so, that is exactly the type of information cyber-criminals may need to social engineer their way into your banking or other accounts. The safe move is to make sure your online accounts do not use any information that can be found in your social media.
For banks and other institutions that receive calls from customers who need account information, don’t rely on challenge questions that can be answered from a social media site. The answers to questions such as “What is your date of birth?” or “What is your mother’s maiden name?” are too easy to find on social media or ancestry sites, and should not be relied upon to positively identify a customer. Caller ID is also easily spoofed and should not be trusted.
So, what does work? Questions that only the customer would know (and wouldn’t be something found on Facebook!), such as:
“When was your last deposit, and for how much?”
“Where are your statements delivered?”
“When was the last ATM withdrawal and for how much?”
“What was the amount of your last (car or mortgage) payment?”
Do you remember your childhood best friend, their birthday, their pet’s name, where they went to high school, and who they married? If so, do you think that information makes for good security questions? Especially since someone undoubtedly knows the same about you?