Risk Alert: Your Cell Phone and Two-factor Authentication (2FA)
How cell phones can be used to financially exploit seniors
If you have a cell phone – be aware
Is it a good idea for people with progressive dementia to have a cell phone?
You need to be alert to the risk of what could go wrong with this valuable piece of technology that can be used for keeping seniors connected to their loved ones.
Many cell phones today are used as part of a security measure called 2 factor authentication (2FA). A common example is accessing online banking or making an online purchase. One method to confirm your identity is to provide a code that is sent via text message to the mobile number that is on file. In theory this sounds good, but here’s where it can go wrong.
Easy access by a “helper”
Suppose the cell phone belongs to a senior with some form of progressive dementia or memory loss who is reliant on a family member, friend or home health aide. A “misplaced” phone is an opportunity for a “helper” to obtain a verification code enabling them to make a purchase or divert funds. The “helper” can easily log into a person’s bank account, as seniors often write down their passwords and then leave them where they are easily seen. Then the helper can have the security code sent to the senior’s phone without the person’s knowledge.
In the case of a senior who may be bed-bound or ill, purchases can even be delivered to the home without the senior knowing. The online purchase is being delivered to the senior’s address on file and the 2FA code has been sent to their cell phone on file so it would appear the purchases are authorized.
It seems the “helper” has just helped themselves to something that does not belong to them. I can’t stress enough how important it is to have a review process and a system of checks and balances in place.
If you do not have a cell phone number – be aware
Things can also go wrong when seniors do not have their own cell phone number but allow someone “in charge” to handle things. In one example, a well-meaning assistant used her own cell phone number to help her senior employer with 2FA on his new line of credit. A few years later the assistant retired, and no one knew her cell phone was associated with the senior’s $900,000 line of credit. When the senior attempted to obtain the funds to purchase a home, he was asked to identify himself, provide his date of birth, his social security number and his account number, which he was able to do. But when standard security procedures dictated that he had to provide the code texted to the cell phone number on file, he did not remember whose phone number was on file. The senior, with assistance from his family and a new advisor, attempted to see if the number was associated with his home number, his wife’s cell phone and his daughter’s cell phone. None of these phones were associated with the account and so the funds could not be wired to his checking account, putting his purchase of the house in jeopardy.
It was finally determined that the phone number belonged to the retired assistant, but the bank would not even change the phone number until the security code was given. It took several calls and texts to find the former employee before she answered and was able to get the security code for the senior to then access his own line of credit. Once he passed the final security step then he was allowed to update the phone number on file.
How a Daily Money Manager can help
Every situation is different and should be carefully and thoughtfully reviewed for best practices. DMMS can work with a financial Power of Attorney to perform a thorough review and help the senior and their family come up with a plan. At the end of the day, it’s not what we do – it’s what we can prevent.
MaryEllen McMahon is a Certified Daily Money Manager and CEO of Daily Administrative Solutions, LLC.
