From the creepy “How Did You Know?” file, comes this experience signing up for a personal Federal Express delivery services account for myself. In order to “validate” the new account—presumably to ensure someone wasn’t impersonating me in order to get notification of when packages were being delivered to me and thus intercept them—they ask four personal multiple-choice questions:
- In what month was Melanie (my wife who they mentioned by name) born?
- Which of the following people am I “associated” with?
- What was the recorded sale price of my home?
- Which of the listed counties have I lived in?
Each question had four possible answers. The second question listed four people and it turned out that the one I’m “associated” with is my half-sister’s fiancé. Now, to be honest, I’m not close with my half-siblings; they’re much younger than I am and from my dad’s second marriage. I knew she was engaged and I could have guessed at his first name, but I couldn’t have recalled the last name off the top of my head. But since the first name guess was on the list for only one of the people, I chose it. I was right.
What’s creeping me out is that Federal Express knew who he is, but I didn’t. But the sad reality is that, as a security measure, these questions are terrible. It’s obvious that they’re data-mining publicly available records, including social media. and if they could find that information, someone impersonating me could. In fact, I bet I could easily find the answers to questions 1, 3, and 4 for most people through some Google searching1 and question 2 if they have a fairly open social media presence (which I’m guessing they rely on in order to get that answer.)
FedEx says they don’t store this information, but that’s no comfort, because they already had it to begin with. The information came from somewhere and could just as easily be retrieved.
So what we have is a creepy Big Brother corporation that uses personal information in a creepy “we know you” way, but in a way that provides no actual security. Great. What else do they know? And if they know it, who else can get this stuff? We’re living in a new era.
- A spouse’s birthday would be standard social media searching and if I knew their address in order to signup for the account, the last sale price is in Zillow, among other places. ↩