Sprint security
How Sprint puts its customers at risk
So I find myself in the middle of an issue with Sprint. I have to say that while I like the quality of their phone service they do leave something to be desires from a customer service standpoint, but that is not the worst part of my interaction with Sprint. My issue with them is they force the end user to violate all sorts of common sense security rules.
First off, they send me an urgent notice which is a PDF attachment. This means that I need to open an attachment with no way to verify the sender. Well that violates my concepts of first line of defense against malware. The notice was about my past due bill (7 days late) and advising of termination. I submitted a response on the Sprint website pointing out that the bill I received stated my account was set for auto-pay. That should have been the end of it as I went ahead and manually paid the bill since it was clear their accounting system is a bit wacky and was not going to process the auto-pay.
A couple of days later I get a call from Sprint. They said they were calling about my complaint, but that they needed to verify my identity before they could talk to me about it. They asked for my PIN. I advised that security requires that I never give this information to somebody who initiates contact. The caller suggested I could take his employee ID, but he had no way for me to verify the number until after the call. He then asked for my date of birth. I gave the same response. He then asked for my secret question. Huh?
Now most companies are very explicit that they say they will never contact you and ask you for this type of information. Sprint on the other hand asked for 3 different pieces of this information. When I would not provide it, the rep then played the game of trying to put words in my mouth by saying “So, you’re refusing to provide the information I am requesting?” I advised that he was violating all security rules by calling and asking the questions and that Sprint was making their customers very susceptible to identity theft by getting them used to answering these questions on the phone.
Imagine what happens when the Sprint customer who is used to this behavior by Sprint gets a similar call from a bad guy. The bad guy says he is from Sprint and that there is an issue on the account. He then asks for this private information. The customer who is used to,when dealing with Sprint, going against all common sense in regards to security ends up giving out his PIN, date of birth and answer to the secret question to an unknown caller.
Sprint should be ashamed that encourage such sloppy security. Rather than try to force me to give the information, they should have listened to my response and reconsidered the security hole they are creating for each of their customers.
