|
|
|
|
|
|
by ghaff
1320 days ago
|
|
|
>The issue with this is that somebody could do this to "recover" account that does not belong to them. Paradoxically, there is some extra security in not allowing any social hacking by just not allowing any manual work on the account. That's the problem. The more flexible you are with helping a customer, especially just over a phone or computer, the more open you are to social engineering attacks. At least in the US, there are various processes involving notarized/Medallion signatures and the like. But at that point some not insignificant number of people will complain the processes are too onerous, they don't have a local bank, etc. |
|
|