I realise it's not ideal, but it's an open question West you'd like them to do instead? Do you want them to refuse you service completely, for example?
If they are happy to ignore my answers to the security questions and go with other questions instead then they should scrap the security questions altogether. Otherwise, yes, they should refuse me service because the point is to use the security questions to establish whether I am who I am claiming to be.
MFA. Security questions are easily socially engineered, especially when you need to choose from a list. What city was I born? One of the easiest things to find out about a person.
