We moved a few months ago--just to a different suburb--but that means a new address. My husband's life insurance policy payment, with Prudential, was due, so I decided to pay it and call and change the address.
I knew there was a good chance that they wouldn't be allowed to change the address because I am, in fact, not my husband, but I thought I'd give it a try while I was thinking of it.
I was pleasantly surprised to find out that, I could, in fact, change the address without speaking to a human. Everything was going along swimmingly until the computer asked for the five-digit zip code.
This is an American policy and we live in Switzerland, land of the four-digit zip code. Curses. I needed an actual human.
The customer service rep, of course, wouldn't change the address. I said I understood and asked to speak to her supervisor. I got a supervisor and asked why I couldn't change it. "Security reasons, ma'am. You've said you're not your husband."
"But," I said, "If we had moved to New Jersey instead of Switzerland, I wouldn't need to talk to you. I could have just done it through the automated system."
"Ma'am, you're being recorded," he said as if I'd just made a threat.
And maybe I had. Changing an address for something that I didn't have permission to change would be a bad thing. But I do have permission to change it. In fact, my husband has begged me to learn to forge his signature so I won't have to hunt him down for things. (Never fear: I have not, even though his heavy travel schedule can make obtaining signatures a pain in the behind.)
I asked him to explain how their voice response system was secure. He just reiterated that he couldn't make a change. I asked to speak to someone who was authorized to speak to the press. He said, he stands behind what he says and he speaks for the company. Note, I'm not using his name here because I'm pretty sure he's not, and I'm pretty sure I was a thorn in his side, and frankly, he's just doing his job and he doesn't make policies or program the systems.
But, this whole thing reminds that security is a farce. This is why identity theft is such a problem. As we've moved from a system where we know the people who handle our banking and our insurance and even our paychecks (how many of you know who the payroll person is?) we've moved into a world where we depend on numbers to keep us safe.
In order to change the address for the life insurance policy, I needed a name, a birthdate, the last 4 digits of a social security number, the amount of the policy, and the policy number itself. That's it. If I was trying to deceive I could have just claimed my name was my husband's name and what could they have done? "Mr. Lucas, your voice sure is high pitched!" "Yes, yes it is. Let me give you my new address."
Because the customer service supervisor couldn't transfer me to or even give me a name for a press contact, I Googled and found it easily enough. I contacted Prudential's PR department and asked for a response Monday evening. I got a response on Tuesday from Sheila Bridgeforth VP, Retail Strategy & Media Relations, saying, "We are in receipt of your inquiry and are currently looking into the matter. You will be contacted shortly."
Of course, no such thing has happened. Whether they are hoping I'll just go away, or have no good response, I don't know. But here's the reality: even our secure systems aren't secure when we have no clue who the person on the other end of the line is. And this isn't really about Prudential--their policies are standard across many industries.
Being able to recite numbers is something that's pretty easy to do. And if you think your social security number is secret and safe, I must laugh. It's in a zillion systems. Sure, in theory, it's all hidden behind code, but someone wrote that code, which means someone can access the real number.
Blockchain technology is supposed to solve all this, and from what I can tell, it's much better than a voice response system at a life insurance company. But, as Technology Review says, according to Neha Narula, director of MIT’s Digital Currency Initiative, "Even when developers use tried-and-true cryptographic tools, it is easy to accidentally put them together in ways that are not secure."
We're not at Blockchain level security in most of the secure systems we deal with. But, unless we're willing to go back to small-town life where we have to visit the insurance agent personally to make any changes to a policy, we're going to be stuck trusting automated systems and laughing at the added layer of security when you can't go through the automated system.
Who knows when my husband will get around to changing his address with Prudential. But he'll have to ask me for the details like policy number and amount of insurance because I take care of all that stuff. He hasn't got a clue.