Comment Re:The Blame Game (Score 1) 186
They could see if the number was recently ported, yeah.
They would not be able to see if I called up your carrier and had your number [b]forwarded[/b].
Lets say the phone companies $8/h CSRs are absolutely infallible when it comes to social engineering. You've still got hundreds of relatively poor CSRs that may or may not take a few hundred dollars to forward a number somewhere.
The bank should not be validating account ownership based on who answers the phone. It's far too easy to steal a phone, tap a line, or use other methods to compromise the circuit. To be completely honest I'm not even a fan of the automated letters that they send to your house with an access code on them either as all anyone needs to do is acquire your mail. It's not difficult to have the post office redirect mail or just steal it while your not home.
The best way for a bank to allow resets would be an in person visit with photo id and have photo on file to compare it with. Inconvenient, definitely. Reasonably secure? Yeah.