My wife and I had our USAA account 'hacked' in much the same way. Someone called the support line repeatedly, pretending to be my wife, got denied repeatedly. Until one time they didn't. Convinced the teller to reset the password on the account and tell them the login name. All the security in the world doesn't matter if the human with the keys is an idiot.
In the end, in our case, USAA gave us a detailed rundown of how they failed, and then turned up to 11 the security questions my wife had to answer. Every single call she had to give a password, pin code, and then answer the questions that are sourced from Experian(or some other credit bureau) intended to prove identity through knowledge. Every time. They punished us for a mistake they fully admitted was their employee's fault.
Nah, I'm not bitter at all. Ultimately, though, it will be one of the reasons I move my account away from USAA.
In the end, in our case, USAA gave us a detailed rundown of how they failed, and then turned up to 11 the security questions my wife had to answer. Every single call she had to give a password, pin code, and then answer the questions that are sourced from Experian(or some other credit bureau) intended to prove identity through knowledge. Every time. They punished us for a mistake they fully admitted was their employee's fault.
Nah, I'm not bitter at all. Ultimately, though, it will be one of the reasons I move my account away from USAA.