More Privacy Urged for Account Data

Comptroller Questions the Use of Social Security Numbers as Codes

Consumer groups and regulators are pressing banks to beef up security procedures for telephone banking services that provide customers with confidential account information.

Customers can access many of these services with Touch Tone telephones simply by dialing a special number and punching in their account number and a portion of their Social Security number.

Regulators and consumer groups say using Social Security numbers as personal identification numbers, instead of special security codes, can cause breaches in security and privacy since those numbers are easily obtained from public documents.

The Office of the Comptroller of the Currency in Washington issued an advisory letter to bank executives late last month stating that banks should devise personal identification numbers, or PINs, for telephone access to accounts because Social Security numbers "may not safeguard account security for bank customers."

Examiners May Act

Banks' current security measures "could make the unauthorized access to customer accounts or frauds easier," the letter states. "The use of Social Security numbers as PINs could subject the bank to civil liability. In addition, national bank examiners may cite this practice as an internal control exception."

The letter does not require banks to offer special security codes.

"We're trying to discourage" the use of Social Security numbers, said a spokesperson for the Comptroller's Office.

Bankers say the use of Social Security numbers is a convenience for customers, and are easier to process than using special security codes. Most say that they have not received complaints from customers.

Service Keeps Costs Down

Telephone banking services, which have been around for several years, are heralded as a a convenient, low-cost way of providing customers with information about their accounts around-the-clock. Most of the services utilize voice response systems, eliminating the need for human operators to handle routine calls such as whether a check has cleared.

Consumer Action, a San Francisco-based consumer group, received complaints from bank customers who said their accounts were being accessed by third parties, such as ex-spouses, retailers, and collection agencies. The group conducted a survey in May and found that many California banks used Social Security numbers as PINs.

"We found that peoples' privacy was indeed being invaded through access to their accounts," said Mark Foster, policy analyst at Consumer Action. "Third parties had information about balances and deposits that they could only find out by accessing a customer's account."

Little Backing for Codes

Kim Kellog, a spokeswoman at Wells Fargo, said that in surveys of bank customers, less than one-tenth of 1% of customers said they wanted to use a special security code other than their Social Security number.

Executives at Manufacturers Hanover Trust in New York said that some customers have expressed concerns about the safety of using Social Security numbers, so the bank is about to switch to passwords.

Louis Gancila, vice president, consumer banking group, said that the bank was upgrading computer systems to handle greater call volume, and part of the upgrade included a switch to unique passwords.

"You have to build a system capable of storing the codes," said Mr. Gancila. "It's not a big deal. From the consumers point of view, if you feel uncomfortable using a Social Security number, you should have the option of getting a more secure password."

Subscribe Now

Access to authoritative analysis and perspective and our data-driven report series.

14-Day Free Trial

No credit card required. Complete access to articles, breaking news and industry data.