*Editorial Note: This content is not provided or commissioned by the credit card issuer. Any opinions, analyses, reviews or recommendations expressed in this article are those of the author’s alone, and may not have been reviewed, approved or otherwise endorsed by the credit card issuer. This site may be compensated through a credit card issuer partnership.
This article was last updated Sep 13, 2017, but some terms and conditions may have changed or are no longer available. For the most accurate and up to date information please consult the terms and conditions found on the issuer website.
This post contains references to products from one or more of our advertisers. We may receive compensation when you click on product links. For more information, please see our Advertiser Disclosure
A recent report revealed the magnitude of computer security breaches at companies across the U.S. has been on the rise, and that more than 25% of businesses do not have an established computer security plan. Within the past 12 months, there have been major hacks at Target, Michael’s, Jimmy John's, and Home Depot, to name a few. Even some of the largest banks in the country have been attacked and hacked.
In many cases, consumers have little or no power over the security of company databases that house their confidential financial information. Where you do have a significant amount of control, however, is when it comes to passwords and log-ins.
We have offered tips in the past regarding how to construct a stronger and less vulnerable password. Today, we’re offering advice about how you can amp up your defenses when asked to provide answers that facilitate 2nd-layer protections.
Tier 2 Defenses
What we mean by “tier 2” defenses are the second level security measures some companies have in place, which you will usually see when accessing an account online. I’m speaking of the instances when you are asked to give additional information to prove your identity. Examples include answering questions like:
- What high school did you attend?
- What is your mother’s maiden name?
- What’s the name of your first pet?
- What street did you live on as a child?
- What city were you born in?
Many consumers don’t give much creative thought to their answers, which is pretty natural. We are all accustomed to providing face-value responses when asked these kinds of questions, which are similar to the ones that we might have to answer for the Census Bureau. Perhaps our honesty when answering these types of security questions is actually making us more vulnerable to hackers online.
The System is Obsolete
The problem with tier two security tactics is that they are somewhat outdated since they were established before the rise of social media. Credit card companies have been using this line of questioning since long before corporate data breaches were even “a thing.” It’s even been reported that debt collectors are using social media, too, in an attempt to collect information. The protocol is basically obsolete, and if you answer factually it can be essentially worthless in terms of its ability to protect you from a slick, resourceful criminal who wants to steal your account data.
The only thing thieves have to do to harvest tons of personal information about you is monitor your activity and posts on social media platforms such as Facebook, Twitter, Instagram, and LinkedIn. Questions like, “What’s the name of your favorite pet?” was probably revealed that last time they posted a cute cat video to YouTube or Vine.
There are also realms of publically-available data about every American that can be accessed instantly by viewing public tax records or court documents online. It’s not that hard to locate someone’s Last Will and Testament, marriage license, real estate transaction documents, or even figure out their social security number –scary!
The bottom line is that a great deal of the factual information that constitutes your personal bio and profile is easy to locate, and that makes it really easy to learn the correct answers to 2nd-level security questions like “What is your mother’s maiden name?”
How to Reverse-Hack the Hackers
The good news is that with a little imagination you can beat the hackers at their own game by ignoring the facts and creating your own unique answers that cannot be found anywhere in the world. The key is to not answer questions directly, but use them as prompts to retrieve a different fact or piece of data.
Here are some examples:
- When asked what high school you attended, think of your school colors or mascot. Instead of your secret answer being “Eastside High,” for instance, it will instead be “Blue and Gold” or “Hawks.”
- When asked what your mother’s maiden name is, use that question to make you think of your favorite maiden. Answer, “Cinderella,” or “Snow White,” for example.
- When asked what street you lived on as a kid, try giving the name of your subdivision instead.
The possibilities are endless, and it can be great fun. Practice this technique of bridging one fact to another one, and soon you’ll get the hang of it.
Make the answers easy enough to remember so you can retrieve them without difficulty, while simultaneously creating enough of a disconnect to protect yourself from identity thieves trying to use your information against you.