Security how banks are hurting themselves

I recently got a notice for a bank I deal with the they wanted to verify a charge I did, to protect my identify. But this is where it get stupid.

——————————————————

They send me a e-mail

test 1

If you look at the link

Transaction Authorized -  it links to https:// activityconfirmation.chase.com/p/Chase_Fraud_RTM/ProdResponseHash?seq=&resp=Y

Note: Real sequence number has been changed to protect data

Upon clicking the link, the next site I see

activityconfirmation.chase.com and then get redirected to

https:// profile.na.epidm.net/ChaseRTM/HandleResponse.aspx?skey=xxxxxxxxxxxxxxxxxxxxxd&curres=Y

Note:Real sequence number has been changed to protect data

Who Is profile.na.epidm.net ??? and the web site has broken links on it !

——————————————————

So I call Chase and they do not know who epidm.net is  but they say contact Abuse @ Chase.com  so i do

and this is the best part

the reply is

——————————————————

Hello,

Thank you for forwarding your recent e-mail to our Abuse mailbox. We have reviewed the message and it is a valid notification from us regarding Urgent Chase Confirmation ?

Recent transaction for account ending in xxxx. If you have any questions or concerns about this e-mail, please contact us at 1-877-CHASEPC. Thanks for choosing Chase.

Thank you,

Email Customer Service Representative

email address [email protected]

——————————————————

So not I get reply from not Chase but another company and they do not understand why I think their security stinks.

I then call Chase and after speaking to 20 people i get—you guessed, it no it not a issue.

——————————————————

Why the Chase Bank does not understand is it not good to deal with a bank you redirects you to 3 different domains and they think that fine.

My warning is to deal with banks who understand security and practice it. Do not use a bank if they do not understand on-line security. Sorry Chase you lost me as a customer.