Right, we have various add-on solutions because the core problem is unsolvable. How do you identify every person in the US? You can't; SSN is the only way to even try to do that. But SSN is just a number. No picture, no description, no renewals, no nothing.
So then we bolt on these solutions to try to get it to work. The issue is we have multiple costs here - we have to balance security, but we also need to make sure customers can get their money most of the time they need to.
I recently signed up for Apple Enhanced Data Security or whatever it was called. It made it very clear that if I lose my password, my data can never be recovered. Ever. No email address can help, no recovery mechanisms. It's sealed and done for good. I'm tech-savvy and I can live with this. Can Nana? For my money, no.
We do things like security questions because they're easy and people understand them, and people use them all the time to recover accounts. Same reason we do SMS - everyone has a phone. These are imperfect solutions because perfect solutions have other issues. How many people will be locked permanently out of their bank account? How will the bank deal with those lawsuits?
To add:
“They knew your mom’s maiden name!”
And now for some reason using an SMS as verification is the standard. (And often required).