A friend of mine had been making a career out of responding to these offers. I was always too busy to chase them down, but this one arrived in the mail a few weeks ago and seemed too good to pass up.
I thought, “You’ll give me $800 just to open an account and make some direct deposits for a couple of months?” I considered changing banks earlier, but never got around to it. While we moved a few years ago, I still banked in Clarkston. Why not move my accounts closer to home?
But I needed to ask a few questions first, and went to their local branch.
I expected the usual formalities – show them my driver’s license, provide a second form of identification (passport), and hand over my Social Security number for tax reporting. She said they must verify my information with the Social Security Administration. I’m okay with that.
What I wasn’t expecting was everything else involved.
The Extent of KYC
The “Know Your Customer” or KYC regulations, which are part of the Bank Secrecy Act, are intended to prevent money laundering, terrorist financing, and other financial crimes. Banks need four pieces of information to open personal accounts under KYC:
· Full legal name, with proof of identity
· Date of birth
· Residential address
· Taxpayer identification, which is usually the Social Security number.
That’s it. Then the bank must verify the information, typically by checking databases such as Social Security or credit bureaus and asking questions if “red flags” appear. No sweat.
Why I Care About How Much Information I Disclose to Businesses
I’ve always been a private person. Years ago, I learned not to give my Social Security number to just any business that asks for it. There is just too much fraud. And these days, there is even more opportunity to collect someone’s personal information to carry out online fraud. I get it. But that doesn’t mean I have to give anyone a blank check.
Some may think I’m paranoid. I’m not; just careful with my information. I shred financial documents, for example, before tossing them out. I also question why a business needs all of the information they request. For example, Chase Bank wanted me to tell them my income and investments before making a car loan. I told them they can already see my checking and savings accounts and make their decision. They loaned the money.
More recently, I’ve received several letters telling me that my personal medical information has been hacked. Each involved third-party providers to Beaumont Hospital (a.k.a. Corewell Health). You see, your information is protected only as well as the “weakest link.” Beaumont may be able to protect me, but they have “data sharing” arrangements with companies that provide them (and supposedly me) with various services, from scheduling to pharma to who knows what. While I complained to Beaumont and insisted they needed to verify the information security of their “partners,” they would not reply.
What “Checking Databases” Means to PNC Bank
As we went through the account setup process, I learned what this was going to involve:
· They wanted me to authorize sending my personal information “to third parties,” including the credit reporting agencies. I asked Ava who those parties were; she didn’t know.
· PNC wanted me to authorize my wireless carrier to use or disclose information about my account “to PNC or its service provider” for the duration of our relationship. Again, Ava didn’t know who these service providers were.
· Next, they wanted me to authorize the Social Security Administration to disclose my information to PNC Bank through Early Warning Services, LLC. What company is this? I never heard of it, so I searched online. It turns out the New York Attorney General is suing the company in August 2025 for enabling fraud. The AG accused them of allowing scammers to easily target users and steal over $1 billion between 2017 and 2023.
What Else Could Go Wrong?
Then I asked Ava what kind of login security PNC Bank uses beyond the simple user-ID and password combination. I was hoping to have the option to use an authentication app like Ente Auth. No, she said. “We can send you a text message on your phone to sign in.” Well, what if I’ve lost my phone, or someone has stolen it? Someone else may get my text. “I guess you could call us,” she said. So I mentioned that Fidelity, Google, Coinbase, HP, my doctor, and even the federal government allow the use of an authenticator app to help customers secure their accounts. I asked her to pass along my request to her management.
So now I had to decide … how much information do I want to give PNC, and how much risk do I want to take with them sharing my information with companies that are either under indictment or cannot be identified by PNC itself?
“Okay, before we go further,” I said, “would you please ask your management to provide me with a list of these third-party companies you use?”
“Sure, I can ask,” said Ava. “I will call you.”
I’m still waiting. In the meantime, the $800 offer expired.