My new bank, Ally Bank, configures a security question and answer for customer service calls. In addition to your SSN, date of birth, and mother's maiden name, they also ask you the question you specify and wait for the answer you've provided. This is good, because many standard questions are guessable in a way that user-defined questions may not be.
A real live human operator always asks the question and waits for a real live answer. This measure has the potential to not just improve my account security but add entertainment value as well:
Q: Do you know why I think you're so sexy?
A: Probably because you're totally in love with me.
Q: Need any weed? Grass? Kind bud? Shrooms?
A: No thanks hippie, I'd just like to do some banking.
Q: The Penis shoots Seeds, and makes new Life to poison the Earth with a plague of men.
A: Go forth, and kill. Zardoz has spoken.
Q: What the hell is your fucking problem, sir?
A: This is completely inappropriate and I'd like to speak to your supervisor.
Q: I've been embezzling hundreds of thousands of dollars from my employer, and I don't care who knows it.
A: It's a good thing they're recording this call, because I'm going to have to report you.
Q: Are you really who you say you are?
A: No, I am a Russian identity thief.
Q: For the remainder of this conversation, "How can I help you today?" actually means "Would you like to buy some mescaline?" Do you understand?
A: I understand completely.
Update: Schneier picked this up. Woot.
Update 2: This post got a brief mention on "John Hargrave has fun at VISA's expense", a hilarious story in itself.