
Sham? - AbunaiAnata
http://www.americanbanker.com/bankthink/wells-fargos-failure-to-authenticate-led-to-sham-accounts-1092982-1.html
======
bradknowles
If the requirements are an SSN and a debit card, then that's easy to fake --
both numbers are easily obtainable from a legitimate customer and then you
don't need to get them again.

Requiring a verifiable and provable second factor authentication system is the
hard part.

Maybe the thing you have needs to be a crypto device with a secure enclave, so
that it can't be easily faked? Maybe a Yubikey or an Apple Watch?

