And the other weak link -- people. My wife had several thousand dollars stolen from her account at USAA because someone called and managed to convince the phone rep to give them the login name and reset the login password. You'd think this kind of request would end up in the security department (where presumably the base level of suspicion is much higher), but nope. Took them six tries to reach a phone rep that would do it. Again, you'd think that multiple consecutive calls and getting denied would cause all future calls to automatically end up in the security department, but nope.
The head security guy at USAA and I had a talk where he explained in some detail how it all went down. He was refreshingly honest, and they didn't balk at getting our funds restored, but still -- humans are often the weakest link when they can defeat all of your security precautions. Probably the bank shouldn't give phone reps that much authority, and always require a dedicated security team response for such unusual situations.
The head security guy at USAA and I had a talk where he explained in some detail how it all went down. He was refreshingly honest, and they didn't balk at getting our funds restored, but still -- humans are often the weakest link when they can defeat all of your security precautions. Probably the bank shouldn't give phone reps that much authority, and always require a dedicated security team response for such unusual situations.