May 28, 2008 - J.D. Power - Regions dead last in customer satisfaction

Regions Bank - Regions Financial Corporation - Complaint Site, unofficial BadRegions Home Find a Better Bank File a Complaint Government Watch Discussion Forum Frequently Asked Questions Contact Regions Contact Us

REGIONS FINANCIAL CORPORATION has unethical business policies. BadRegions.com was designed to expose the unethical policies of Regions Bank. We provide a forum for people to post their fraud stories, complaints, lawsuits and other dissatisfactions. Click here for Regions official website.

Credit Unions -
Learn the real truth about credit unions vs. banks. We think you will be surprised!       more info


Merger Information -
Read customer and employee feedback on the progress of the AmSouth/Regions merger.
more info


Class Action Info -
Learn how you can assist in bringing a class action against Regions.                more info
AmSouth (dba Regions Financial) is the current poster child for how to do security wrong.

By Security Expert Winn Schwartau
The thing about security is, well, security happens, and sometimes it doesn't happen, and then sometimes it's over the edge with mind-numbing incomprehensibility. I tend to notice these things.

I was on the road recently. I forgot/lost/misplaced my password to log on to Internet banking so I could pay my staff. I called 1-800-Amsouth (dba Regions Financial) and asked for my password. They asked me for: 1) my name; 2) account name and number; 3) address; 4) federal ID number; and 5) date of birth. Then they gave me my password.

My wife overheard the conversation and raised hell with me about how easy it was to gain access to our intertwined online accounts with no decent security check. AmSouth's (dba Regions Financial) proof-positive security check was, in fact, public information.

Then it only got worse. AmSouth (dba Regions Financial) called me at home. The woman on the phone said she needed to discuss a problem with me, but first I needed to answer a couple of questions. Then she proceeded to ask me for personal information to "protect me" and "confirm my identity."

What's wrong with this picture? Millions of e-mail phishing attacks reach out to snag gullible somebodies - for financial gain or identity theft. One type of phishy e-mail induces a greedy victim to respond, promising vast wealth. Others attempt to lure the unsuspecting into "fixing" their PayPal or bank accounts. Then there are those that use fear: "Your account is in serious delinquency," or "You just bought four plasma TVs and we want to confirm your order," or "The wire transfer you initiated for $10,000 needs secondary confirmation."

Spear-phishing fine-tunes the art to select companies specifically targeted for their assets. It's all about the money.

Especially in the financial sector, we teach companies and their staff about social engineering, identity theft, phishing and all the ways the bad guys want to scam you, your company and your customers. Then we teach them what not to do - how not to respond to phishing or suspicious activity at work or at home, so they can avoid becoming victims.

Here was AmSouth (dba Regions Financial) acting and operating just like a criminal enterprise trying to scam personal information from me. It was using the same techniques phishers use to try to get hapless victims to release private information as a pretext to identity theft.

Under the pretense that this really was AmSouth (dba Regions Financial) calling me, albeit using phishing-like methods, I called 1-800-Amsouth and asked whether there was an issue with one of my accounts. They verified my identity: name, Social Security number, date of birth, mother's maiden name. AmSouth (dba Regions Financial) clearly has security issues in establishing proof-positive identification using publicly available information - including those things I warned it about almost 15 years ago, and nine years ago and . . . you get the idea.

I now had a truly helpful fellow from AmSouth's (dba Regions Financial) Alabama headquarters tell me that everything in my accounts was fine. But I am the suspicious type. Something still felt phishy, so I called my local branch, where they know me well yet actually require photo ID when I make transactions in person. I asked if there was a problem with any of my accounts. Thirty seconds later I was told: "You didn't pay 'this item' on time. It's 10 days late." I drove to the bank and made the payment.

AmSouth (dba Regions Financial) is the current poster child for how to do security wrong, encourage phishing by illegal entities and offer no alternative to this lame attempt at identity verification. (For the record, when asked to comment, AmSouth (dba Regions Financial) spokesperson Jerri Franz said, "We do not discuss the details of our information security.")

It's so simple. "Hi, Winn. There seems to be a problem with your account. Why don't you call or visit your local branch and see what's going on?" Or, "Hi, Winn, you might want to log on to your accounts. There might be a problem with one of them." Or, "Please call 1-800-Amsouth . . . " - but then there is that proof-positive ID problem.

There are plenty of more viable security alternatives to phishing. Or am I wrong?


Regions Loves You In
Their Own Special Way!



Home | Find A Better Bank | File a Complaint | Government Watch | Forum | FAQ | Contact Regions | Contact Us