Q: Is it legal for a bank to use my mother's maiden name for security without prior info?
I have been a customer of a major online credit card company that also offers online banking services for several years. Since February, I started facing issues where my password was incorrectly recognized by the app, prompting me to reset it using their website. Previously, resetting a password didn’t require extensive processes, but now the website forces me into a three-step process that includes entering my entire Social Security number, account number, and my mother's maiden name for verification. I reached out through their secure message center and was informed that I apparently provided my mother's maiden name when opening the account, which I don’t recall, and they refused to disclose the name citing security reasons. There have been no recent changes to my account or personal information, although the website design recently changed. Can an online bank use a person's mother's maiden name as a security question even if it wasn't initially provided by the account holder?
Lawyers, want to be a Justia Connect Pro too? Learn more ›
- (916) 704-3009
- View Profile
- Answered
A:
Banks are legally required to implement security measures to protect customer information, but there's a significant gray area regarding how they obtain and use security verification data like your mother's maiden name under laws such as the Gramm-Leach-Bliley Act, which requires financial institutions to disclose their privacy policies but doesn't necessarily prohibit them from using this information. While unusual, financial institutions might obtain this information from various sources, including credit bureaus or other databases they have access to, not just from your direct input when opening an account.
Your situation raises valid concerns about transparency and data practices. Under federal privacy laws, banks must notify customers about what personal information they collect and how they use it, but the requirements for prior consent vary depending on the specific circumstances and the source of the information. If you don't recall providing this information and the bank refuses to explain how they obtained it, you have options - you can file a complaint with the Consumer Financial Protection Bureau or your state's banking regulator, who can investigate whether proper procedures were followed.
For immediate resolution, you might consider requesting alternative security measures. Many financial institutions now offer more robust security options like two-factor authentication or voice recognition that can replace outdated security questions. You can also ask your bank about their process for addressing this kind of situation - they may be able to update your security profile to use information you know you provided. Document all communications with the bank about this issue in case you need to reference them later for a formal complaint.
Justia Ask A Lawyer is a forum for consumers to get free answers to basic legal questions. Any information sent through Justia Ask A Lawyer is not secure and is done so on a non-confidential basis only.
The use of this website to ask questions or receive answers does not create an attorney–client relationship between Justia and you, or between any attorney who receives your information or responds to your questions and you, nor is it intended to create such a relationship. Additionally, no responses on this forum constitute legal advice, which must be tailored to the specific circumstances of each case. You should not act upon information provided in Justia Ask A Lawyer without seeking professional counsel from an attorney admitted or authorized to practice in your jurisdiction. Justia assumes no responsibility to any person who relies on information contained on or received through this site and disclaims all liability in respect to such information.
Justia cannot guarantee that the information on this website (including any legal information provided by an attorney through this service) is accurate, complete, or up-to-date. While we intend to make every attempt to keep the information on this site current, the owners of and contributors to this site make no claims, promises, or guarantees about the accuracy, completeness or adequacy of the information contained in or linked to from this site.
