Back to Home
MFA-optional banks leave safe doors (and accounts) wide open for thieves to pillage

MFA-optional banks leave safe doors (and accounts) wide open for thieves to pillage

T
Techpivo News
·2 min read·0 views
Security MFA-optional banks leave safe doors (and accounts) wide open for thieves to pillage Financial institutions are putting their clients at risk in the name of convenience. Avram Piltch Avram Piltch US editor Published sun 5 Jul 2026 // 16:01 UTC OPINION I write a weekly column called PWNED , about how poor security practices can lead to serious damage. Usually, there’s something funny in the malfeasance, like a CEO who kept every employee’s password in an Excel file on his desktop.  However, I wasn’t laughing back in May when professional thieves invaded my 84-year-old mother’s entire financial life and managed to make off with $30,000 from her bank accounts alone. And they wouldn’t have gotten in if her financial institutions required multi-factor authentication (aka MFA or 2FA), a step too many institutions won’t take. One day in May, Mom got a call from the institution that runs her retirement savings account, who had identified a suspicious transaction and asked her if it was legit. She said no and they immediately protected her account. REG AD Then she checked her bank account at a different institution to see if it was compromised and found thousands of dollars transferred out of her checking and savings accounts. The thieves knew exactly how much they could withdraw each day, and used both withdrawals and transfers to a strange account. But the financial institution hadn't flagged the fraudulent activity.  REG AD The thieves were so slick that they broke into her Gmail account and created spam filters to filter any mail from her bank or retirement savings provider to the trash so she wouldn’t get alerts about the transfers or about the fake accounts they made in her name. She spent hours on the phone reporting the theft to an unhelpful and incredulous fraud department who asked “Are you sure a relative didn’t do this?” We don’t know for certain how the crims got into my mom’s accounts, but we know she used the same or similar passwords on all

Discussion

We use cookies and similar technologies to improve your experience, analyze traffic, and personalize content. By clicking “Accept All”, you consent to our use of cookies. See our Cookies Policy for details.