July 06, 2005
My bank is screwed up - mixing up online accounts!(Posted by francois to: worst practices )
I have a business account with TD Banknorth. When I logged in this morning I almost had a heart attack - my account was $30K below what it should have been. After checking for past transactions, I found that someone had retrieved $20K from the account recently. You can imagine what direction my blood pressure was going at that point. Then I realized that most transactions looked unfamiliar. After nosing around a little more, I found out that I was in some other person's account. Yes, you heard me right - I had full access to some other person's account!
I immediately called the phishing and identity theft hotline and spoke with two different people. They reset my password and told me that the wrong customer number had been assigned to my account - which is why I got into some other person's account. After resetting my password and attaching the "right" customer number to my account, I could no longer get in at all. Since I had requested to speak with a supervisor about this severe security breach, they told me that a supervisor would get back to me and help me with all my problems - within the hour.
Four hours later, and after receiving no return call, I called again, only to find out that there was no history of my call in their system and that my account was again attached to a wrong customer number. By now I was starting to seriously lose my cool. The only good news was that after this guy fixed my problem I could get in the account and confirm that everything was the way it was supposed to be. When I asked him how this could happen, he told me that the account was probably set the wrong way at the very beginning when I set up online banking with them. And when I told him that I had accessed my account online before, he brushed it off saying that the system sometimes reassigns customer numbers...WHAT??? You mean this could happen randomly?
I demanded to speak to a supervisor about what I consider a serious security breach - specifically I wanted to know whether the other person would get notified of the breach in his account and how they could guarantee that this would not happen again. The rep told me that he would have a supervisor call me - "hopefully" today (can you believe the arrogance?) - but that there was no way that they would contact the other person since they did not know whose account I had been in. As it turns out, the minute I realized I was in the wrong account this morning I printed copies of all the pages I had visited that were still in my cache. So I had that person's account number! He took it but did not give me any indication of what he was going to do with it.
It's now another hour and a half later and guess what - still no return call.
Posted by francois at July 6, 2005 03:00 PM | Bookmark This
TrackBack URL for this entry: