My initial guess is it was something quick they had to implement because.. well.. scams.
The web site isn't a live view into your account. From a security perspective, I'm imagining there's files that go back and forth between the super-secure server that holds account information (and everything involving your T-Mobile life, up to and possibly including your SSN, depending on account type), and the exposed web server that you log in to. This is to protect you, as a customer, in the event the site is hacked.
The effort to add a field to a database on the super-secure server that CSR folks have access to while they're on the phone with you is a lot less than adding a field in this system, then adding it to any integrations between that system and the web system, adding it to that web system as well, and then any integrations that have to go back.
And, also think about it this way -- if someone steals your phone, they're able to get any password reset on the My Account pages, and possibly set / reset some settings, such as this.
But, from a technical and timing/threat standpoint, I believe my effort reason is the why. It will probably be added to the account site at some point in the future when additional enhancements are made.
1 of 1 people found this helpful
Making sure your account stays secure is our number one priority. With how the feature was integrated on the back end of our existing account system, it's much easier for us to take care of adding it for our customer's when they give us a call. I don't have any word it'll be something added into MyT-Mobile, so unless that changes, calling in will be the only way to add this.
I'd like to know what information someone can get from your account by fraud. I don't use the phone as most do, I have deleted/disabled all payment options, NFC, 95% of Google and bluetooth on the phone. I have no social media except Viber and mms. I do not keep any personal info on phone. I use the phone as a reference repository. 95% paid apps. I don't game, do videos or stream music. I do not have a TMO account set up on the phone for billing, just the APN for service and bands.
Since I do pay bills online via a Linux box, the online account does have the right info for paying bills. However, I will not use auto pay or other apps of convenience.
What exactly does TMO keep if you don't use autopay? Is your SSN available on the account easily? Since I don't use autopay, my bank and CC# should not be available. I also have not purchased any phones from TMO except Alcatel Flip purchased outright. I tend to buy unlocked for myself as cleaning out all the extras as in apps and services is a pain. I also will not use phone number for part of ID.
What happens if you have frozen your credit already?
What is the difference between locking the SIM and port validation? My flip phone user has refused to learn how to work a smart phone. I can't put anything on the account that will "upset" him should he need my phone and I'm not immediately handy. He simply does not like to change routine, but he is also not an authorized user. TMO refused him service in store once since he is not authorized. His temper tantrum was well worth not authorizing him. Since I'm paying and he doesn't have to think about it - he shut up.