Traveler's Online Security WTF



  • I needed to pay my annual renter's insurance bill. I thought that I would just hop online and take care of it in 5 minutes. I log on to travelers.com (website of the $26 billion corporation, Traveler's) and select the option to create a new account, and here are the steps:

    Access to MyTravelers requires two steps:

    Step 1: Create a personal User ID and register at least one of your accounts. 

    Step 2: You will receive a one-time PIN (Personal Identification Number) in the mail within 3-5 business days. You will need to use your PIN in order to complete the registration process.

    http://www.travelers.com/iwcm/MyTravelers/Info/registrationhelp.html

    Are you kidding me? There goes the whole online convenience factor. I can only remember one other site doing something similar -- the Department of Education's student loan automated payment system. I thought even that was overkill too, but perhaps a little more justified since it was a $15,000 loan (although I'd be thrilled if someone could hack into that account and pay it off for me) and you expect those kind of pointless bureaucratic hoops from the gubmint.

    But WTF is Traveler's thinking here? I want to make a one-time $135 payment. I don't want to wait 3-5 days for a PIN in the mail. So I decided to call their 800 number and I enter my account number, zip code, and bank routing/account numbers and hang up the phone three minutes later.



  • Rimpinths wrote:

    Blablabla I log on to travelers.com (website of the $26 billion corporation, Traveler's) blablabla

    But WTF is Traveler's thinking here? I want to make a one-time $135 payment. I don't want to wait 3-5 days for a PIN in the mail. Blablabla

    I say:

    Maybe Traveler's don't distinguish between small customers and big multi-million account clients. Just feel honoured that they think your business with them is important enough to ensure that you are you, or at least that you live at a real address.

     Captcha: What captcha? I had to register to reply.



  • I will comment on this once I receive my password in the mail. 

    But seriously, say that I find one of your statements in the trash. I go to their website and register to access whatever there might be about your account online. When you see the PIN mailer, you'll be suspicious, and I won't be able to access anything. If they just sent the PIN to an email address, I could give them one of mine and you wouldn't have any idea what was going on. I suppose I could watch your mailbox if I was ambitious, and grab the mailer before you see it.



  • Besides the student loan, I also had to do the same recently to pay my AT&T bill online; they had an option to call you on your phone instead of mailing the code, but since I just get internet service from them (I don't have POTS in my apartment), I had to go the snail-mail route.

    Is it inconvenient? I suppose, if you have to pay your bill right now lest you get nicked a late fee or something. But really, I didn't mind too much having that money sit in my bank account for a couple more days.



  • Can some American please explain this, because I don't understand a thing... Why do you have to set up an "account" with the recipient? Presumably you already are a customer, and have a customer number, and so on. In my world, to make a simple payment like this, you do this:

    1) Log onto your own bank

    2) Create a new payment

    3) Enter the recipient's account number

    4) Enter the ID of the bill, or your customer number as a reference for the recipient

    5) Sign (electronically)

    ...and you're done. Works for everything, everywhere. Is the American banking system really that backwards?



  • Same here... although if I recall correctly, I did have to wait for a PIN number (and, with one of the banks, a card/card reader thingy) to be snail-mailed to me when I first signed up for internet banking. Maybe the OP is paying by credit card.

     Edit: I have heard weirder things about the American banking system... like if you give somebody your bank account number, they can take money from your account. Which would make it rather risky for companies to give their bank account numbers out to clients.



  • @AccessGuru said:

    I will comment on this once I receive my password in the mail. 

    But seriously, say that I find one of your statements in the trash. I go to their website and register to access whatever there might be about your account online. When you see the PIN mailer, you'll be suspicious, and I won't be able to access anything.

    I would be surprised if that worked, because (if Traveler's was sane) you would have to know Rimpinths' SSN, date of birth, etc. The full account number is probably printed on the statement, though.

    @AccessGuru said:

    If they just sent the PIN to an email address, I could give them one of mine and you wouldn't have any idea what was going on.  I suppose I could watch your mailbox if I was ambitious, and grab the mailer before you see it.

    Again, you would probably have to know a decent amount about Rimpinths to get to the point where you were giving them your email address.




  • @NSCoder said:

    I have heard weirder things about the American banking system... like if you give somebody your bank account number, they can take money from your account. Which would make it rather risky for companies to give their bank account numbers out to clients.

    It is common that many companies accept "electronic checks" as payment instead of credit card. It is less common to give out your bank account number to someone so they can deposit money directly into your account instead of waiting on a check, etc.

    In my case, I let my brother make a one-time payment to his cellphone because I was using the account. However, he then turned around and used it repeatedly on 900-number sex chat lines -- TRWTF being that 900-numbers accept bank account numbers now. At any rate, when I tried to get Wachovia to refund it, they told me it was my fault because "you gave out your number". I explained that I use it all the time to pay bills, some of them over the phone, so what's the difference in a secretary/data entry clerk stealing my number in that transaction compared to my brother using it for alternate purposes when I explicitly told him to only use it the one time. They basically would not stop trying to come up with excuses. Eventually, I wore them down to where they gave me my money back, and I closed the bank account. I'm now with Bank of America.

    Before I closed the account, I had them give me all the contact information for each debit listed. I then called up each one and demanded an invoice for each charge. I then filed a police report on the incident. Did you know there isn't a law out here that covers misuse of a bank account number in that manner? The closest thing is Check Fraud/Forgery, but the laws specifically cover paper checks. No one has updated it to cover "electronic checks", etc, but they do have them for credit card fraud, etc. The officer told me that it basically would be a civil issue. When I went to the court, they told me I'd need to know the exact address where my brother lived. I told them that I had no idea since he didn't have a permanent address. They said they couldn't do anything, then. I got so pissed off during all of that.



  • @boh said:

    5) Sign (electronically)

    ...and you're done. Works for everything, everywhere. Is the American banking system really that backwards?

    It's people that are backwards. Some are still writing paper checks (cheques) in the grocery store, rather than just using a bank card.

     



  • AbbydonKrafts: You sued your own brother over some petty theft?  Your dysfunctional family relations sound like the real WTF in all this...



  • @seaturnip said:

    AbbydonKrafts: You sued your own brother over some petty theft?  Your dysfunctional family relations sound like the real WTF in all this...

    No. I couldn't sue him without going through hoops. I don't count $300+ as petty, especially with my income at the time. And trust me.. dysfunctional is an understatement. He was addicted to meth (and who knows what else), wouldn't keep a job because he always thought he was boss, makes death threats to everyone, etc. I have done many things for him. I've given him two cars, let him stay at my house multiple times (I had to kick him out the last time because he got violent with my wife), loaned him money, etc. He quickly wrecked the first car I gave him and is currently living out of the second one. After I gave him the last car, he quit making death threats behind my back (my dad would tell me all the stuff he'd be saying).



  • @AbbydonKrafts said:

    I have done many things for him. I've given him two cars, let him stay at my house multiple times (I had to kick him out the last time because he got violent with my wife), loaned him money, etc.

    As kind as you are, I would suggest a wiser and more mutually beneficial course of action would have been to pay for some professional therapy for your less morally inclined brother.



  • Kaiser Permanente works the same way if you intend to use their web site to manage your health care. By the time I ever get the mail I've already seen the doctor and moved on with my life. Next time I want the website of course I have no idea what happened to the PIN they sent me in the mail ... send request, pick up phone, speak to actual person ... repeat.



  • Oh my, this thread has definitely taken a strange turn.

    I still think the snail mail PIN is a WTF. Like I said, the only other website that had a similar process was the Department of Education's. My bank, credit card companies, and brokers have all seemed to figure out an online registration process that doesn't require snail mail. Either it's a Traveler's WTF that they require it, or a WTF that the other 99% of companies have missed this potential security breach. Maybe Traveler's problem is that they are so big that they can't separate the million dollar accounts from the little people like me that just want to log on and make a quick payment. The process is easy by phone -- took me three minutes -- why does the website get treated so differently?



  • Kaiser, and probably Traveler's too, do this in the name of 'pseudo-security'...

    Because of course postal mail is much more secure than e-mail, except for the bit about the fact that we keep getting mail for 67 [Cross-Street] instead of 67 [Our-Street] and probably the reverse is happening too ... and no one would ever pick through the mail trying to steal your identity ... 



  • I have to do this for Comcast now. Except, I already had my account set up. Then, when I tried to sign in to pay my bill for January, I was greeted with "In accordance with FCC regulations, we are adding an additional layer of security to better protect the privacy of your account." and asked to enter the PIN they mailed me. I never got a PIN in the mail, so I called the 1-800 number like it suggested and customer service said they'd send me another one. By the time I had to pay the bill for February, it still hadn't come. I called again, and this time a supervisor was supposed to call me back with a PIN but that never happened either.

     

    My account sure is secure now. 

