Security questions are another form of identity verification used by financial institutions and other organizations. The increase in fraud and identity theft has prompted these companies to implement additional security in an attempt to distinguish you from an imposter. But do they work?
What Are They?
Before we look at the effectiveness of security questions, we need to understand how they work. Security questions are not to be confused with knowledge-based questions or answers. If you are asked a knowledge-based question, your ability to answer it correctly authenticates your identity. With knowledge-based questions, the organization already knows the correct answer. You were never asked to create an answer. The answer to a knowledge-based question is retrieved from a database containing information about you, such as your credit history report. If you answer the question incorrectly, you will not be permitted to access the account or information you were seeking.
Security questions, on the other hand, are questions to which the answer is the one that you provide. Any answer you provide becomes the right answer. To make it easier, let’s look at an example. If you were asked, “What was your high school mascot?” your answer could be “blue” or “chair” or any word or words you wish to use. This answer then becomes the correct answer from that point forward.
Most people tend to answer security questions with real answers. Why? Because it is easier to remember, and it is the truth. This is where security questions become risky. If you choose to answer them with real answers, you run the risk of an imposter being able to answer them as well. Think about a few of the most common security questions.
- What was your high school mascot?
- What was the name of your middle school?
- What was your first car?
- What is your favorite movie?
A simple internet search could reveal most of these answers. Don’t believe me? Have you ever participated in a social media poll, quiz, or game? These are the ones that typically start with “let’s get to know each other better” followed by a series of questions that appear to be innocent enough that you let your guard down and play along. Or perhaps, in your profile, you mention where you went to school as well as your hobbies and interests. All of these are designed to harvest your security question answers. A few years ago, a local celebrity posted “this was my first car, what was yours” on her social media page. Within an hour, there were nearly a hundred replies to the post from followers. All of them contained information about their first car. I contacted the organization where this person worked and suggested that the post be removed. The person inquired as to why it needed to be removed. I explained that the post was a common security question. The person on the phone paused and said, “that is the security question for my bank account.” The post was immediately removed.
Now that you know the risk of using real answers, you are probably thinking, “Great; now I have to remember fake answers along with all of my passwords and PINs.” Don’t panic. I have a simple solution. I call it a “one-off.” Instead of answering the security questions based on your information, choose someone that you know to be your answer key. Then answer the security questions how that person would answer them. When asked, “What was your high school mascot?” you would not put your high school mascot. You would answer with your answer key person’s high school mascot. Your answer key person could be a relative, best friend, or favorite movie character. The only person I do not recommend using is the person that has the same answers as you. That would defeat the purpose of using the one-off. By using the one-off method, you do not have to remember fake answers. The only thing you need to remember is the person that is your answer key.