I hate Citibank



  • So last month, I switched to online payments for my student loan.   I had consolidated everything through Citibank and set up my account with them.  Because I think they're useless, I waffled at the security questions.  I haven't had trouble remembering a password in years. 

    Turns out that it wasn't for simply password help.  They actually want me to answer those questions every time I log in!

    So I click on the "forgot my answers" link and they send me this email 

    Dear belgariontheSwamp,

    This e-mail has been sent in response to a request for a Key Code.  blah blah blah.

    Your initial Key Code is 1337 (obfuscated). This Key Code will allow you to reset your security questions.  Please note that the Key Code will only be valid for 30 minutes.

    Blah blah blah

    So I went and put in the key code, and they STILL made me answer the questions!  I want to take my business elsewhere.



  • I go through that every month, too.  At least they resolved that problem where you also had to confirm your contact information every single time you log in.  Why do they put so many stepss in the way of me giving them money? 



  • @belgariontheking said:

    So I went and put in the key code, and they STILL made me answer the questions!  I want to take my business elsewhere.

    Yeah, I have the same problem with Citibank.  I always put in random gibberish into the security questions so nobody can guess the answer and bypass my secure password.  The problem is that they want my "security answer" before I can add the bank account to my online profile.  They don't even tell me the security question.  If you click help it says something like "Your security answer  was set up when you applied for the account.  You provided the answer to a security question.  Your question could be the name of your High School, your favorite sports team or anything else."  I mean, WTF is that?  So it's like a password but far less secure and they won't even tell me the goddamn question.  Fuck.



  • I think I need to add security questions on my mason jars in the back yard.

    Anyone know of paper and ink that won't degrade in a short time while buried outside? 



  • @KattMan said:

    I think I need to add security questions on my mason jars in the back yard.

    Anyone know of paper and ink that won't degrade in a short time while buried outside? 

     

    Maybe. Where do you live?



  • I disagree. Without these security precautions anyone, even criminals, could hack into your account and pay for your loan. Better safe than sorry.



  • I had this problem with Sallie Mae. Called up their support line and got told "it was for my security in case someone got my password".

    Now, considering their password requirments/security make it immune to brute force attacks, under what circumstances would someone that managed to get my password have any trouble knowing my security questions?



  • @Cyrus said:

    Now, considering their password requirments/security make it immune to brute force attacks, under what circumstances would someone that managed to get my password have any trouble knowing my security questions?
    All seven of my personalities have schizophrenia and tend not to remember anything any of the others have done, thus if one of us is social engineered you have a very small piece of the required information. Maybe you should get schizophrenia too.



  • I think they should ditch the textbox-based security question in favor of security-question checkboxes. Yes or no questions would be much easier to remember. To make it more secure, they could ask 4 or even 5 questions -- that's got to be, like, hundreds of possibilities! So if the system locks you out after 3 tries, well that's goodnight for the hackers.



  • @shadowman said:

    I think they should ditch the textbox-based security question in favor of security-question checkboxes. Yes or no questions would be much easier to remember. To make it more secure, they could ask 4 or even 5 questions -- that's got to be, like, hundreds of possibilities! So if the system locks you out after 3 tries, well that's goodnight for the hackers.
     

    Potential questions:

    • Have you ever killed a man in Reno?
    • Have you had a milkshake recently?
    • Is it windy outside?
    • Do you like candy?


  • @MasterPlanSoftware said:

    Potential questions:

    • Have you ever killed a man in Reno?
    • Have you had a milkshake recently?
    • Is it windy outside?
    • Do you like candy?

    I love how two of the questions have different answers depending on when they were answered.



  • @morbiuswilters said:

    @MasterPlanSoftware said:

    Potential questions:

    • Have you ever killed a man in Reno?
    • Have you had a milkshake recently?
    • Is it windy outside?
    • Do you like candy?

    I love how two of the questions have different answers depending on when they were answered.

     

    ...and the other two have obvious answers.



  • You forgot

    • Does your milkshake bring all the boys to the yard?

     



  • Had very few problems with Citibank online...

     

    Except recently when logging in from work they want me to enter all sorts of private data, like my complete account number and CC number... Kinda wierd so I wait till I get home...

     

    However I was almost late for 1 payment once... I payed my wife's Khol's bill. 1 day later the payment did not go though, infact there is NO record of it anywhre. I call up tech they can't find me even submitting it. Apparently it failed and even wiped from their database caz "we never fail"! I kept trying with no success. At least 4 times it just dissappeared. No record, no transaction failed, no "please contact support", just did not exist!

    I called up Khol's with my issue, and paid by phone... then next month it started working... Well at least I had a nice chat with John from Citibank who had an overly strong Indian accent!



  • @KattMan said:

    I think I need to add security questions on my mason jars in the back yard.

    Anyone know of paper and ink that won't degrade in a short time while buried outside? 

    Papyrus and leather paper with ink made from lampblack (soot), gum, and vinegar seemed to work okay for the dead sea scrolls.

     If I may, I will suggest a security statement instead of a question on the mason jars. I think "Live goat semen" ought to keep most people out.



  • @dlikhten said:

    Well at least I had a nice chat with John from Citibank who had an overly strong Indian accent!
     

    Alright, thanks TunnelRat.



  • @MasterPlanSoftware said:

    @dlikhten said:

    Well at least I had a nice chat with John from Citibank who had an overly strong Indian accent!
     

    Alright, thanks TunnelRat.

     

    Huh?

    Edit: Did you make the stupidestmanonearth site? 



  • @dlikhten said:

    Huh?
     

    How does his Indian accent have ANYTHING to do with ANYTHING?



  • @MasterPlanSoftware said:

    @dlikhten said:

    Huh?
     

    How does his Indian accent have ANYTHING to do with ANYTHING?

     

    O, it doesen't, just saying everything is oursourced :P

    No it does nut hav anything to do width anything in any shape or form whatsoever and sorry for bringing it up i promice to naver bring up uslass infarmation evar agein!



  • @dlikhten said:

    O, it doesen't, just saying everything is oursourced :P
     

    Right. Same assumption Tunnelrat would make.

     

    Really, grow up. This extra retarded spelling/grammar is obviously on purpose so all you are doing is polluting in the forum.



  • @MasterPlanSoftware said:

    @dlikhten said:

    O, it doesen't, just saying everything is oursourced :P
     

    Right. Same assumption Tunnelrat would make.

     

    Really, grow up. This extra retarded spelling/grammar is obviously on purpose so all you are doing is polluting in the forum.

     

    I am so sory! Look what yuo need to do is to start yuor own website! Call it: www.SpellingNaziExtravogenza.com anyone posting there sholud git an ere fool of spelling/grammar mistaks in their post!



  • @dlikhten said:

    @MasterPlanSoftware said:

    @dlikhten said:

    O, it doesen't, just saying everything is oursourced :P
     

    Right. Same assumption Tunnelrat would make.

     

    Really, grow up. This extra retarded spelling/grammar is obviously on purpose so all you are doing is polluting in the forum.

     

    * snip stupidity in written form*

     

    Isn't there a cave you could fall in to and never return? 



  • Not to be picky, but I counted 3 questions that might differ depending on when they were answered.



  • @Rick said:

    Not to be picky, but I counted 3 questions that might differ depending on when they were answered.
     

    3 questions where? Who are you replying to?



  • @belgariontheking said:

    So I went and put in the key code, and they STILL made me answer the questions!  I want to take my business elsewhere.

    It's BOFH! "This code will let you change the questions... after you answer them! Muahahahaha!"

    I always like to make my questions and answers total non sequiturs. Like they'll have the question in the dropdown, "what was your favorite teacher's name?" and I'll enter "Philadelphia" as the answer. Then whenever I see the site, my internal WTF detector goes off and reminds me of the obvious stupidity I committed there.

    Unfortunately, sometimes they redesign the site, which then doesn't set off the visual pattern recognition that fires the WTF detectors... which leaves me in pretty much the same boat you're in.



  • @shadowman said:

    I think they should ditch the textbox-based security question in favor of security-question checkboxes. Yes or no questions would be much easier to remember. To make it more secure, they could ask 4 or even 5 questions -- that's got to be, like, hundreds of possibilities! So if the system locks you out after 3 tries, well that's goodnight for the hackers.

    I dunno.  At least one of the (if not all three) credit reporting agencies do that, and I got tripped over it a couple years ago.  It automatically picks a few items from your credit history to ask you about.  Things like "approximately how much was your last mortgage payment".  That year I had opened an account with ExxonMobile to get a gas card.  When I later went to get my yearly credit reports, one of the questions was "which of the following companies have you recently opened an account with" and the choices were:

    a.  Exxon

    B.  Mobile

    C.  some other place I've never done business with.

    Drat, how can they separate them like that?  So I got my gas card and looked at it.  Everywhere the company name was printed it said "ExxonMobile".  I chose one at random and... wrong!  Just goes to show, I guess, that if there's any possible way to screw something up, they will.



  • @jetcitywoman said:

    At least one of the (if not all three) credit reporting agencies do that, and I got tripped over it a couple years ago.

    I hate those things. It's like taking a test that I didn't study for. It asks crazy things about previous addresses and various debts. The debt ones are really screwed up because the name that is reported to the agency doesn't always match the public-facing name. For instance, I always thought of my Rhodes Furniture one as exactly that, but it's "Household Bank" that did the actual financing. It took me quite a while to get that straight.



    With the mortgage one, they provide values that are too close to each other. Since I pay escrow and my payments change every year (escrow adjustments, mostly), I don't know which value was last reported.



    Just scan my fingerprints or retina and get it over with already!



    On topic: I haven't had any problems with Bank of America. In fact, they added in another security option: Rotating pins that can be sent to your phone. 5 layers of security FTW!



  •  @MasterPlanSoftware said:

    @Rick said:

    Not to be picky, but I counted 3 questions that might differ depending on when they were answered.
     

    3 questions where? Who are you replying to?

    There's an 'In Reply To" Link at the top right of the message.  But I agree, quoting would certainly have helped there.



  • @morbiuswilters said:

    @MasterPlanSoftware said:

    Potential questions:

    • Have you ever killed a man in Reno?
    • Have you had a milkshake recently?
    • Is it windy outside?
    • Do you like candy?

    I love how two of the questions have different answers depending on when they were answered.

     

    3 questions.

    • Have you ever killed a man in Reno?
    • Have you had a milkshake recently?
    • Is it windy outside?


  • @bstorer said:

    Isn't there a cave you could fall in to and never return? 
     

    Nope it is a shack... I believe it is called SwampShack... But that could also just be an urban legend 



  • Does ANY bank in USA use some better 2-factor auhtentication than security questions? I mean, even in Finland, every bank (well, okey, there is a single one that only uses single use password + username) uses a card that normally countains 100 single use passwords (like "0001 173284" where 0001 is the part bank provides you and 173284 is the part you are supposed to enter). Most of the banks ask it right after logging in. SampoPankki used to (the new system is completly WTF. Just look the HTML, http://verkkopankki.sampopankki.fi) have the (imo) most secure solution: First you need to login with your normal username+password. After that, they asked for a random single use password from the card. Then you can do stuff like checking account statement etc. You can also enter bill's details. Once you have entered all the bills you want to pay, you need to approve them. That requires another single use password. Of course, stuff like buying & selling stocks etc. requires a single use password as well.



  • @CDarklock said:

    I always like to make my questions and answers total non sequiturs.
     

    SpectateSwamp...is that you? 



  • @morbiuswilters said:

    I love how two of the questions have different answers depending on when they were answered.

    Only two? You are either a wussy pacifist, or are so awesome you killed a man in Reno during your birth. 



  • @Rick said:

    @morbiuswilters said:

    @MasterPlanSoftware said:

    Potential questions:

    • Have you ever killed a man in Reno?
    • Have you had a milkshake recently?
    • Is it windy outside?
    • Do you like candy?

    I love how two of the questions have different answers depending on when they were answered.

     

    3 questions.

    • Have you ever killed a man in Reno?
    • Have you had a milkshake recently?
    • Is it windy outside?

    If you're gonna get real picky, all four can change.  My point was that two of them are so variable that you likely won't remember the answers when you return to the site.  Of course, I suppose somebody end up asking themself "Did I knife that hobo before or after I opened the Citibank account?"



  • @morbiuswilters said:

    "Did I knife that hobo before or after I opened the Citibank account?"
     

    Or during?!

    Wait... What?



  • @Buzer said:

    Does ANY bank in USA use some better 2-factor auhtentication than security questions?
     

    Hate to tell you this, but this is still single factor.  The single use password thing would be two factor if they were printed on something you have. 



  • @MasterPlanSoftware said:

    @morbiuswilters said:

    "Did I knife that hobo before or after I opened the Citibank account?"
     

    Or during?!

    Wait... What?

    I doubt you knifed him while you were opening the account. Then you'd miss the satisfaction of watching him die.



  • @SuperousOxide said:

    I doubt you knifed him while you were opening the account. Then you'd miss the satisfaction of watching him die.

    Are we counting from when the knife first enters his flesh or from when he draws his last breath on the mortal plane?  Because you could knife him and then call up Citibank and watch him die while on hold. 



  • @shadowman said:

    There's an 'In Reply To" Link at the top right of the message.
     

    Which reminds me, did we ever get an explanation about why the posts no longer have the post number and the post number it's a reply to?



  • @MasterPlanSoftware said:

    @morbiuswilters said:

    "Did I knife that hobo before or after I opened the Citibank account?"
     

    Or during?!

    Wait... What?

     

    I've wanted to knife someone while closing a bank account, but never while opening one.  There's still time, though... 



  • @bstorer said:

    Which reminds me, did we ever get an explanation about why the posts no longer have the post number and the post number it's a reply to?
    The forum software was upgraded.



  • @Lingerance said:

    @bstorer said:
    Which reminds me, did we ever get an explanation about why the posts no longer have the post number and the post number it's a reply to?
    The forum software was upgraded.

    I love upgrades that remove functionality. Strangely, the comments to the front page stories still have post numbers...



  • @Lingerance said:

    @bstorer said:
    Which reminds me, did we ever get an explanation about why the posts no longer have the post number and the post number it's a reply to?
    The forum software was upgraded.
     

    I know, but how is this an upgrade? 



  • @KattMan said:

    The single use password thing would be two factor if they were printed on something you have.

    They are. The card has 100 single use passwords and once there is 10 or so left, the bank will use snail mail to send you a new one.



  • @morbiuswilters said:

    If you're gonna get real picky, all four can change.  My point was that two of them are so variable that you likely won't remember the answers when you return to the site.  Of course, I suppose somebody end up asking themself "Did I knife that hobo before or after I opened the Citibank account?"

     

     Oh, man.  Thank you.  That's the hardest I've laughed all week!

    (the real wtf: where's the "preview post" button?)



  • @Kozz said:

    (the real wtf: where's the "preview post" button?)

    It is a tab at the top.



  • @bstorer said:

    Which reminds me, did we ever get an explanation about why the posts no longer have the post number and the post number it's a reply to?
    Community Server is teh suck!

    Anyways, they do have the post number, but you have to look harder for it.  If you hover over the "in reply to" link, you can read the number of the post that it's in reply to.  If you hover over the little page icon in the top left of a post, you can read the number of THAT post.  You have to look at the bottom of the screen and read where the link takes you to read these post numbers.

    Stupid, I know, but I bet they think that that's good enough. 



  • @SuperousOxide said:

    Strangely, the comments to the front page stories still have post numbers
    It only uses the forum's DB and not the software from my understanding.



  • @belgariontheking said:

    @bstorer said:

    Which reminds me, did we ever get an explanation about why the posts no longer have the post number and the post number it's a reply to?
    Community Server is teh suck!

    Anyways, they do have the post number, but you have to look harder for it.  If you hover over the "in reply to" link, you can read the number of the post that it's in reply to.  If you hover over the little page icon in the top left of a post, you can read the number of THAT post.

    Stupid, I know, but I bet they think that that's good enough. 

     

    Or you could just click the link, and automatically go to the post...



  • @MasterPlanSoftware said:

    @Kozz said:

    (the real wtf: where's the "preview post" button?)

    It is a tab at the top.

     

    Oh, heck.  I guess I've been spoiled expecting to see it as a button (not a tab) positioned near the "post/submit" button.  But arguing about the UI would lead to some serious digression in this thread, wouldn't it? 

    </tongue-in-cheek> 


Log in to reply