Looknsee Photography wrote:
I hate that so much information about me & my finances are so readily available to banks.

Thoughts?

Nah. We have so much financial information (a massive trust, several properties owned outright ---no mortgages whatsoever--- operating as separate LLCs, lots of investments, multiple sources of passive income), I actually am pretty pleased that there are ways of obtaining a high-level, consolidated view of all that mess.

We were recently offered a humongous line of credit on our overall financial profile with all sorts of perks, no maintenance fees, and a ridiculously-low interest rate. We have zero debt and near-perfect (top 1%) credit scores. All of this info, aggregated, provides us exclusive access to those opportunities, which are either very difficult to obtain or are entirely unavailable otherwise. We don't need a line of credit, but our accountant suggested that it wouldn't be a bad idea to consider it, to have in case of dire/catastrophic circumstances.

The catch is that the bank wants us to bring over one of our investment portfolios so they can actively manage it. My wife has some pretty strict requirements for line-item-level reporting, and I don't think they're gonna pass those requirements.

Another Italian Guy wrote:
If you have mortgages on the rental properties in either your  name or that of your company then they will likely show up in a credit search.

If your company that owns the properties is the same one you were getting the credit card through then the properties will be listed as an asset of the company; again, not surprising they know this.

For the record -- I own both of the rental properties free & clear.  No mortgages. 

For the record, the music business is totally separate from my personal finances; my rental properties are not assets of the music business.

I note that I never did give them my social security number, but I suppose that it is likely that the number is part of the bank records.  But connecting me to my rental properties -- that's just too much.

Looknsee Photography wrote:

For the record -- I own both of the rental properties free & clear.  No mortgages.

Maybe now. But did you ever have mortgages on them?

MelissaAnn  wrote:
It's all on your credit report.  Any company that runs your credit has access to anything you have ever financed/made payments on (unless it was a personal loan).  It's been that way for a long time.

But all I'm doing is activating a new version of a credit card because the old one is going to expire.  I've had that credit card for over 20 years -- it's the same card number all that time.

Banks are so stupid.

Another example:  refinancing the mortgage on my residence.  I've had that mortgage for about seven years, and rates today are significantly lower.  I wanted to refinance, instead of the 23 years remaining, I'd go for a 15 year mortgage, and my new PITI payment would be the same as the old payment.  My credit score is excellent, and in the past seven years, I paid off the mortgages on three rental properties, significantly increasing my revenue.  But, I have a building lot as an investment -- that lot doesn't bring in any revenue.  So, the bank strung me along for 3 months before turning me down.  It makes no sense.

MelissaAnn  wrote:
It doesn't really bother me that companies know about other things I've financed.  I don't know them, or care what they think about my other financial decisions that aren't effecting my credit report in a negative way.

Talk to me after your identity has been stolen & your bank accounts have been drained.  Talk to me when you have to close all your accounts & open new ones.  Talk to me when your credit score crashes.  Talk to me when your junk mail, junk e-mail, and unsolicited phone calls during dinner increase.

Sigh.  I'll stop now -- you are entitled to your position, but I find the lack of privacy to be very annoying, dangerous, & inconvenient.

Looknsee Photography wrote:
Talk to me after your identity has been stolen & your bank accounts have been drained.  Talk to me when you have to close all your accounts & open new ones.  Talk to me when your credit score crashes.  Talk to me when your junk mail, junk e-mail, and unsolicited phone calls during dinner increase.

Sigh.  I'll stop now -- you are entitled to your position, but I find the lack of privacy to be very annoying, dangerous, & inconvenient.

You are right to be concerned.

The general public lacks the experience or the imagination or both to understand the degree of threat that is presented.

To give an example, my middle-aged sister-in-law was recently unable to transact business with a government department because someone had coded her as a young male and those on the other end of the transaction always assume that the computer is infallible.

Despite the fact that she had a history with that organisation going back over forty years during which time she was exclusively a female child of the sixties, she still had to present herself in person with her passport to establish that she was not a Gen Y male.

Looknsee Photography wrote:
For the record -- I own both of the rental properties free & clear.  No mortgages. 

For the record, the music business is totally separate from my personal finances; my rental properties are not assets of the music business.

I note that I never did give them my social security number, but I suppose that it is likely that the number is part of the bank records.  But connecting me to my rental properties -- that's just too much.

When you acquire a property, regardless of how you got it (paid cash, took a loan, inherited it, or won it in a raffle, etc.) your SS number was provided to the local government. Property ownership records are public and generally shared/sold to the credit reporting agencies.

When you get a credit card you provide a SS number, regardless of whether it's in your name or in a company name of which you're a principal.

Looknsee Photography wrote:
How the heck did they know about my rental properties -- this was my business credit card.

OP: no offense, but maybe they visited MM and saw you post about it?

Looknsee Photography wrote:
But all I'm doing is activating a new version of a credit card because the old one is going to expire.  I've had that credit card for over 20 years -- it's the same card number all that time.

Banks are so stupid.

Why are they stupid for making an effort to verify that the person on the phone with the new card is actually who they claim to be and not someone who intercepted it in the mail?

Looknsee Photography wrote:
Also, let's remember that this corporation (and this credit card) has been in existence for over 20 years.  Doesn't that count for anything.

No it does not and I have no idea why you think it should because:

Looknsee Photography wrote:
Okay, I appreciate that they had to verify that I am who I am

Why do you think that requirement changes with the age of the account?

Corporate cards are issued to individuals, who are the only authorized users of those cards and identifying information is tied to that particular card for security purposes.  You are not anonymous by virtue of a corporate shield when you use it.

Charlie-CNP wrote:

OP: no offense, but maybe they visited MM and saw you post about it?

x100

Charlie-CNP wrote:
OP: no offense, but maybe they visited MM and saw you post about it?

Ummm -- my name is not associated with my MM profile (or my website, for that matter).  (And I'd appreciate it if you didn't attempt to find my name -- thank you).


My concern is that if this bank had all that info available at their fingertips, any mildly competent bozo has access to that same info.  If you ask me what city is the property at 123 Main street is, I could probably find that out before the bank person finished offering me the three choices.  I'm concerned because not all bank employees are 100% reliable & honest. 

What I'm saying is that their so-called "identity confirming" questions aren't really identity confirming -- you want to confirm my identity, ask me a question that a hacker can't answer.

Looknsee Photography wrote:
My concern is that if this bank had all that info available at their fingertips, any mildly competent bozo has access to that same info.  If you ask me what city is the property at 123 Main street is, I could probably find that out before the bank person finished offering me the three choices.  I'm concerned because not all bank employees are 100% reliable & honest.

No offense, but your concern, as stated, is utterly meaningless. Financial institutions do have access to all this information, and that is common knowledge. The information is out there. Remember when we all learned about a certain presidential candidate's offshore accounts?

If you mistrust bank employees to the extent that your words indicate, then simply don't do business with financial institutions. The problem here is that your expectation of what constitutes "privacy" appears to be built on a foundation of misunderstanding. The "privacy" you think you had is simply incorrect. This experience has simply eradicated an incorrect assumption on your part, and, understandably, that's a bit of a shock. That revelation does not have the effect of validating your incorrect assumption in any way.

Looknsee Photography wrote:
I would be okay with them asking questions about the company, but question about my personal finances seem to cross the line to me.

That "line" is a manifestation of the incorrect assumption I mention above. There is no such "line" to "cross".

Looknsee Photography wrote:
What I'm saying is that their so-called "identity confirming" questions aren't really identity confirming -- you want to confirm my identity, ask me a question that a hacker can't answer.

Like what? Give me an example of a question a bank can ask you that a hacker can't answer and/or which the answer isn't otherwise readily available to "any mildly competent bozo".

kickfight wrote:
That "line" is a manifestation of the incorrect assumption I mention above. There is no such "line" to "cross".

My point is that the credit card is a business card, not a personal card.  If "companies are people", then verify the company.

kickfight wrote:
Like what? Give me an example of a question a bank can ask you that a hacker can't answer and/or which the answer isn't otherwise readily available to "any mildly competent bozo".

You are local to me -- bring up http://www.portlandmaps.com -- the "security" questions I was asked were...
...  The property at 123 Abc st is in what city (multiple choice, 3 cities given)
...  The property at 456 Xyz st is in what county (multiple choice).
I can look up the answers to those questions before the person finishes reading my three choices.

My point is that these questions really don't verify my identity.

What kind of question they could ask?  I don't know, but I do know that this current verification process is far from foolproof.  Here, however, are some ideas:

...  I would prefer that they asked me questions related to the business & not my personal finances.  For example, what is the address or fax number of the business' office?  Or name 3 songs in our catalog.  Or name one of the writers to one of the songs.  Something that would be more of a challenge.

...  Multiple choice -- 'way too easy.

...  Make the questions more difficult -- instead of giving me the street address & asking me the city, how 'bout giving me the city & making me supply the street address?

kickfight wrote:
That "line" is a manifestation of the incorrect assumption I mention above. There is no such "line" to "cross".

Looknsee Photography wrote:
My point is that the credit card is a business card, not a personal card.  If "companies are people", then verify the company.

OK, I saw what you did there, and I agree with the underlying critique, so you've kinda disarmed me here, and I need to get my serious face back on.

My point is that that distinction ("the credit card is a business card that has nothing to do with my personal info") is not actually meaningfully distinct to entities that are allowed to have a comprehensive view of your entire financial profile. It's YOUR business we're talking about here, not a corporation.

kickfight wrote:
Like what? Give me an example of a question a bank can ask you that a hacker can't answer and/or which the answer isn't otherwise readily available to "any mildly competent bozo".

Looknsee Photography wrote:
You are local to me -- bring up http://www.portlandmaps.com -- the "security" questions I was asked were...
...  The property at 123 Abc st is in what city (multiple choice, 3 cities given)
...  The property at 456 Xyz st is in what county (multiple choice).
I can look up the answers to those questions before the person finishes reading my three choices.

I entered the address of one of our properties in Texas. As expected, it didn't find that address. In my case, asking me about one of those properties and trying to confirm it using portlandmaps = FAIL.

See how your scenario already includes a number of assumptions that by necessity require already knowing those properties are in multnomah county/the general portland area?

Looknsee Photography wrote:
My point is that these questions really don't verify my identity.

Based on what criteria? You knew the answers. That's all they need to confirm.

Looknsee Photography wrote:
What kind of question they could ask?  I don't know, but I do know that this current verification process is far from foolproof.  Here, however, are some ideas:

...  I would prefer that they asked me questions related to the business & not my personal finances.  For example, what is the address or fax number of the business' office?  Or name 3 songs in our catalog.  Or name one of the writers to one of the songs.  Something that would be more of a challenge.

Sure, but in order to confirm that, they would need to have access to that information. Which means that information is accessible. Which means that any hacker or "any mildly competent bozo" very likely has access to it as well.

Looknsee Photography wrote:
...  Make the questions more difficult -- instead of giving me the street address & asking me the city, how 'bout giving me the city & making me supply the street address?

Again, any person who can confirm those answers already has that information. It doesn't matter what they ask or in which order it is obtained, because they already have ALL that data.

Looknsee Photography wrote:
I would prefer that they asked me questions related to the business & not my personal finances.  For example, what is the address or fax number of the business' office?  Or name 3 songs in our catalog.  Or name one of the writers to one of the songs.  Something that would be more of a challenge.

sigh

Because anyone associated with the business could potentially answer those questions and while the account belongs to the business the card was issued to you as an individual and it's your identity that needed to be verified.

Looknsee Photography wrote:
My point is that these questions really don't verify my identity.

kickfight wrote:
Based on what criteria? You knew the answers. That's all they need to confirm.

My point is that they knew the answers, because they have tons of data about me on-line, which means that any moderately skilled hacker can access that same data on-line & provide accurate answers.

Therefore, their identity verification process is very easy to crack.

Looknsee Photography wrote:
My point is that these questions really don't verify my identity.

kickfight wrote:
Based on what criteria? You knew the answers. That's all they need to confirm.

Looknsee Photography wrote:
My point is that they knew the answers, because they have tons of data about me on-line, which means that any moderately skilled hacker can access that same data on-line & provide accurate answers.

Therefore, their identity verification process is very easy to crack.

Wait, what? No, your scenario above has nothing to do with "hacking". Your scenario above assumes someone already knows you have properties in the general portland area but for whatever reason also needs to use portlandmaps to confirm additional data about those properties so they can answer some questions about them. It's an unsound scenario with a number of assumptions in place that do not apply in the real world (as I demonstrated with the example of properties in Texas). There is no hacking or cracking happening there at all.

The quantity of data they have available is irrelevant.

If they only have one single solitary data point about you, and that's the info you need to verify for them, then it's available to any mildly competent bozo, and it's available to a moderately skilled hacker as well. If they have thousands of data points about you, from which they can choose a subset of that data for you to verify, those thousands of data points are ALSO available to the mildly competent bozo and the skilled hacker.

kickfight wrote:
Wait, what? No, your scenario above has nothing to do with "hacking". Your scenario above assumes someone already knows you have properties in the general portland area but for whatever reason also needs to use portlandmaps to confirm additional data about those properties so they can answer some questions about them.

No, what I'm trying to say is that the information used to ask the so-called "verification" questions is not exclusive to that bank.  My position is that if the bank knew enough to ask those questions, anyone with moderate skills will have the same information.  Their security procedure doesn't actually verify my identity.

kickfight wrote:
Wait, what? No, your scenario above has nothing to do with "hacking". Your scenario above assumes someone already knows you have properties in the general portland area but for whatever reason also needs to use portlandmaps to confirm additional data about those properties so they can answer some questions about them.

Looknsee Photography wrote:
No, what I'm trying to say is that the information used to ask the so-called "verification" questions is not exclusive to that bank.  My position is that if the bank knew enough to ask those questions, anyone with moderate skills will have the same information.  Their security procedure doesn't actually verify my identity.

And that's why I keep asking: what, exactly, are you suggesting they use to verify your identity? Because any security procedure that requires the confirmation of a piece of data means that piece of data MUST be available to the bank, and if it's available to the bank, it's available to anyone with moderate skills.

Even in the case of a unique token that was created specifically for the purpose of identifying you to the bank (and vice-versa), THAT IS ALSO data that anyone with moderate skills can obtain.

Sounds to me like you're getting thrown off by the fact that they used data that is part of your comprehensive financial profile as the verification data, because you're stuck on a scenario where someone is ready and waiting to enter a query into portlandmaps and then obtain a result which allows them to provide the correct answer to a verification question. As I have pointed out repeatedly, that's simply not a legitimate real-world scenario. It already assumes too much prior knowledge of where your properties are.

And yet, I'm still wondering what any of this has to do with privacy. Your expectation of privacy ---relative to the fact that financial institutions can and do create a comprehensive profile on their customers, which will include data from other entities--- is simply a misapprehension.

kickfight wrote:
And that's why I keep asking: what, exactly, are you suggesting they use to verify your identity?

Dunno.

They can call the company's CFO & ask them to verify that the right person got the card.  Isn't that better?

I'm also not happy that my personal information bridged the gap with my corporate information.  Part of the reason to incorporate is to separate my business & personal liability & finances, so that someone suing my business couldn't tap my personal assets.  But in order to maintain that separation of liability, I thought we had to keep everything separate (e.g. don't pay for a business expense with a personal check).

I also believe that the greater one's net worth is, the more one becomes a target for frivolous lawsuits, identity theft, nuisance claims, and other nasty time-wasting stuff.  I like to keep my personal stuff private.

And it's none of the corporation's banks business if I have rental properties or how I spend my money.

Looknsee Photography wrote:
I'm also not happy that my personal information bridged the gap with my corporate information.  Part of the reason to incorporate is to separate my business & personal liability & finances, so that someone suing my business couldn't tap my personal assets.  But in order to maintain that separation of liability, I thought we had to keep everything separate (e.g. don't pay for a business expense with a personal check).

The liability and financial separation doesn't imply a complete separation in other areas.  You are still you -- even when acting on behalf of the corporation.  Just because you are acting on behalf of the corporation doesn't erase your identity as <whatever your name is>.  If they need to verify that you are who you say you are then there is no reason not to use information outside of your corporate identity -- especially if that information is publicly available.

If they obtained the information in some unethical manner then that is something to take up with them but if it's information that's out there for them to get then it is what it is.

Looknsee Photography wrote:
They can call the company's CFO & ask them to verify that the right person got the card.  Isn't that better?

Yes, but how do they verify that? What data do they use to confirm that they are actually talking to the CFO?

Looknsee Photography wrote:
I'm also not happy that my personal information bridged the gap with my corporate information.  Part of the reason to incorporate is to separate my business & personal liability & finances, so that someone suing my business couldn't tap my personal assets.  But in order to maintain that separation of liability, I thought we had to keep everything separate (e.g. don't pay for a business expense with a personal check).

I can relate. We have separate LLCs for each property for that very same reason. The fact that financial institutions can aggregate your personal and business data does not affect or minimize that distinction in any way.

Looknsee Photography wrote:
I also believe that the greater one's net worth is, the more one becomes a target for frivolous lawsuits, identity theft, nuisance claims, and other nasty time-wasting stuff.  I like to keep my personal stuff private.

Again, I can totally relate. But the point is that your personal stuff and your business stuff do not become commingled by virtue of that aggregation. The privacy of your personal stuff is technically no different than the privacy of your business stuff.

For example, I was a bit peeved, purely on an ideological/philosophical basis, when I discovered that my wife could see all of our accounts in one report view, which included the legacy account I'd been using for years dedicated specifically for content-creation purposes (i.e., my "kickfight" stuff). I wanted to keep our legitimate businesses and personal accounts and all the other stuff immunized from all that. She just shrugged and reminded me that banks keep merging, and that old Seafirst account, which became a Washington Mutual account, which became a JPMorganChase account, was now "linked" to our other accounts, including our business accounts. She found it quite useful, because using elaborate python-fu, she could pull all sorts of data from disparate sources and have a comprehensive, holistic view of our financial standing.

Looknsee Photography wrote:
And it's none of the corporation's banks business if I have rental properties or how I spend my money.

Trust me, I do sympathize. I too wanted to think that there was some kind of firewall that separated This from That, and That from The Other. But learned that it was a misapprehension, and I too am not 100% thrilled with the State Of Things As They Truly Are. But I'm also not really sure there is a reasonable alternative that wouldn't otherwise be a huge pain in the ass for everyone involved and which would serve simply to assuage my perhaps-outdated sense of what "privacy" means, or meant.