> but now they punish my wife with a 10-minute interrogation to prove her identity if she ever has to get them on the phone for a legitimate reason.
How is that punishment? If USAA knows you or your wife were a target of somewhat sophisticated attack that ultimately broke their security barriers, wouldn't you yourself actually want some extra protection? If anything, this is a positive sign for USAA, I doubt with my Bank of America anyone would care with any sort of extra layers of security if my account would ever get hacked in a sophisticated way.
I call it punishment because I don't think the attack was really sophisticated, I think USAA's internal training and software was wholly inadequate to defend against a persistent unsophisticated attacker. Why were they still routing his calls to regular bank tellers after the first couple attempts? Why wasn't the security department involved at that point as the only allowable contact point? Why did they actually hand out the login name and password for an account without doing the 10 minute deep-dive identity verification they now make my wife do?
How is that punishment? If USAA knows you or your wife were a target of somewhat sophisticated attack that ultimately broke their security barriers, wouldn't you yourself actually want some extra protection? If anything, this is a positive sign for USAA, I doubt with my Bank of America anyone would care with any sort of extra layers of security if my account would ever get hacked in a sophisticated way.