|
|
|
|
|
|
by BlackFly
3714 days ago
|
|
|
Call centers are in general quite atrocious as far as authentication goes. Here is one particular egregious example http://krebsonsecurity.com/2015/12/2016-reality-lazy-authent... I cannot remember where I read it, but there are services in Eastern Europe where you can hire someone to field questions at a call center. A calm detached criminal is going to be more convincing than a flustered person who cannot believe that their identity is being questioned. In general, there is nothing that you can ask me over a phone that cannot be asked to someone pretending to be me who can get the details in a variety of ways. To static questions there are static answers. If you perform two factor authentication properly, this is actually easier over a website than the phone. |
|
|