I don't know, I have mixed feelings about this. It's akin to building even more inscrutable captchas or tightening up airport security measures every time a new breach happens. At best it might close one particular loop hole but at what cost and incovenience to millions of people and billions of transactions?
I had the misfortune to lock myself out of my bank account once or twice and the process for unlocking it was so dreadful (a 30 minutes interrogation with questions like "when and where did I make my last ATM transaction") that
since then I keep the required sensitive info in a GPG encrypted file so that I never have to call them again. Other equally frustrated but less tech savvy customers are probably doing the same with post-it notes. Is this an improvement?
I was out of town and went to make a large cash purchase. (The retailer added a very hefty 10% for using debit or credit cards.) So I ran into the problem of a daily cash withdrawal at the ATM. I also did not have anything with me other than an ATM card and a Credit card with me (No ID). Turned out the bank didn't even ask for my ID when I went in. I just explained my situation and they just handed over a couple thousand...
> Security at the bank seems discretionary at best
No, it is a cost benefit decision. Do you know they don't check the signature on cheques or credit card transactions? Heck I bet if you mail in a change of address they will go ahead and do it, possibly sending something to your old address.
The reality is that fraud is at low levels compared to legitimate transactions. Putting in lots of extra hoops just makes the legitimate transactions harder, and chances are it won't affect those trying to commit fraud since they have a wide variety of things to try while tellers don't (eg fake id in this case).
In this specific case, anyone coming into the branch is on security cameras inside and out. TV shows, the Internet and technology make it increasingly easier to match up the footage with real people. And the bank doesn't bear the full costs of any investigation since they are passed off to the police/FBI.
If you ran the bank would you add a dollar in expenses and one minute per transaction that has a 10% chance of catching fraud, and fraud occurs one in every 25,000 transactions? Would you have the same measures in every branch across the country or have their expense and severity proportional to the amount of fraud that does actually happen at any location?
Despite what we see in films and TV shows, bank robbery is pitiful way to not make money:
1) Cost benefit analysis and discretionary security is not mutually exclusive. It's cost benefit analysis ergo discretionary security.
2) Crime pays. You just have to be sophisticated and powerful enough to not be indicted. (TARP?)
The interesting thing about your comment is when you apply your logic towards combating terrorism. The cumulative harm of prevention of terrorism outweighs the damage and death caused by the terrorism itself. The 'cost-benefit analysis' must take into account the 'positive' externalities for those who advocate those policies.
On 1) that is what I meant. The level of security measures is proportional to the risks, and a realisation that every measure costs time and money.
For 2) white collar crime certainly has shorter prison sentences in the US. It is a little harder to apportion blame as directly as with a bank robber. The general cause of problems has been the US government bailing out creditors. Because of that creditors have been laxer in their standards, had lower oversight and a greater tolerance for risk. This is virtually US government policy and has been going on since the 1984 rescue of the creditors of Continental Illinois. Ultimately fixing this involves fixing the US government and the corruption of Congress - see Lawrence Lessig's talk about they operate around money - and smaller things like regulatory capture.
The response to 9/11 has been to massively amplify the original effects, giving a huge return on investment to Al-Qaeda. In the positive column has been some of the security theatre - the appearance of improved security will be reassuring to some people. But everything else has been negative - the government expenditures, making new enemies in Iraq and Afghanistan, the loss of freedom for Americans, the massive invasive spying on Americans, the use of "terrorism" as an excuse for inexcusable things, the loss of American prestige (Guantanamo Bay isn't good PR), the additional friction on American life in both time and money (try taking a flight) and the list goes on.
I don't want to belittle 9/11, but the same number of people die each and every single month on American roads. It happened that same month, and every month since.
IMHO it would be a far better remembrance to the victims if we said "fuck you" to the perpetrators and lived free and open lives despite them, rather than the crippling effects that did happen.
Very few are murders. Murders and accidents are not the same thing and not equally bad.
One difference: if you don't do anything about accidents, the rate stays the same. If you don't do anything about murder and just let it happen, the rate goes up as more people realize they can get away with it and serial killers or terrorists get more bold.
Once, while getting a certified check, I was unable to sign correctly (you have to sign two or three times). After a couple of failures the teller turned her computer screen around to show me my saved signature and said "just sign it so it looks like this"
I had the misfortune to lock myself out of my bank account once or twice and the process for unlocking it was so dreadful (a 30 minutes interrogation with questions like "when and where did I make my last ATM transaction") that since then I keep the required sensitive info in a GPG encrypted file so that I never have to call them again. Other equally frustrated but less tech savvy customers are probably doing the same with post-it notes. Is this an improvement?