Category Archives: Seriously?

When does too much security become a risk?

The other day I contacted my credit union to request a copy of a cancelled check.  A check –  that little piece of paper you give to the phone company, the mortgage company or in this case, the county for property taxes.  The same one you put in an envelope and entrust to the postman to deliver into other, unsecured hands so they can do whatever they need to do with it before they deposit it to their bank and the circle is complete.

I received the copy of my cancelled check via email but I was unable to view it or download it.  It seems my credit union has decided that I can’t be trusted with an image of my cancelled, and no longer negotiable, check.  I must first register my personal information with Cisco Systems so they can un-encrypt the email and allow me to view it.

Huh?

I just want to make sure I understand this – you want me to give my personal information to a third-party company I’m unfamiliar with, that I have no clue how they handle their data security, in order to see a digital copy of a nonnegotiable, cancelled check that has passed through several hands before being cashed – at which time any of the myriad of individuals who came in contact with it could have copied down my name, address and account number?

I have both my personal, professional, and family partnership accounts with this credit union.  If the personal information I’ve supplied this third-party were to be compromised and my financial accounts effected, who will be required to make good on the loss?  That’s right, my credit union.  If my accounts are breached, I file a complaint with them and the money is reimbursed.

So I have ask, why are they putting themselves at such risk?

Advertisements