by sathackr 3680 days ago
Fun fact:

Many financial institutions use the last 4 of your SSN as identity verification.

If you're a business, it's the last 4 of your FEI/EIN.

I know at least in FL, this is publicly available at sunbiz.org

So with the account number printed at the bottom of your paycheck/stub and the FEI/EIN, you can often authenticate to a financial institution and obtain privileged information.

I know this not because I was on the "hacker" side, but because I was involved on the financial institution side of it and caught this as part of my engagement. The institution was issuing new logins for its internet banking site and the password would have been based on the user's name, zip code, and SSN/FEI/EIN, all 3 of which are available (in FL) on that sunbiz.org site.

2 comments

My last bank had the username for online banking set to the account number, and the password set to the last 4 of SSN by default. The password was limited to 4 characters, but they did allow special characters.
Years ago, one of my credit unions used SSN as the account number... so every one of our checks had our SSN printed right on it.
awesome!

In my experience, credit unions are usually worse than banks on the security side. There are exceptions, but they are not the norm.

One credit union I dealt with always opened and closed with a single employee. Very dangerous for the employee. This same union kept the A and B part codes to their vault in a locked desk drawer (one of those cheap desk drawer locks that anyone can pick with a paper clip) in the lobby, and full internet access was available on all computers. Tellers all shared a single cash drawer and the teller PCs were routinely used by the tellers for general web surfing, Facebook, Pandora, etc...