My bank doesn’t get security

As I wrote previously, I was recently the victim of some debit card fraud. As part of the resolution process, I received a phone call at work yesterday from an anonymous number.

— Hello, is that Mr Battley?
— Er, yes, it is.
— This is S— calling from Halifax about some recent fraud on your account. Can you tell me your date of birth to confirm your identity, please?
— Certainly. But how can I confirm that you’re really Halifax?
— Um, well, I could tell you some details about your account.

So I asked her to tell me a couple of things, she told me the answers, and we proceeded from there. But it obviously took her by surprise. There appears to be no standard procedure for bank employees to identify themselves: it’s expected that the customer will simply divulge their personal information over the phone to anyone who asks, and it seems like most of them do.

The real danger is that the bank is training the customer to behave in a risky manner, when these interactions could instead be excellent opportunities to instil a healthy scepticism about cold callers. It’s a wasted opportunity.

Comments

  1. Piers Cawley

    Wrote at 2008-03-01 17:54 UTC using Unknown browser on Mac OS X:

    And, if you weren’t you, they’ve just given out some of your details to a complete stranger.

    I went through this with the taxman a couple of years back. Got a phone call out of the blue from someone claiming to be the taxman, I asked him how he could prove he was who he said he was and we went through a bit of rigmarole where I managed to get a depressing amount of information out of him about me. Once we’d been through the process, I told him that the next time anyone from the tax office needed to phone me, the password was “trouserpress” (I used a different word, obviously) and he said okay.

    About a year later, they phoned me again. So I asked them for the password. Which they didn’t know because the first idiot hadn’t made a note of it. Again, after a certain amount of rigmarole (more personal information from the taxman) I gave ’em another password. At one point, the second idiot suggested that he give me a phone number and I phone him back…

    I await with interest their next phone call, because this time, if they don’t have the password, I shall not be speaking to them.
  2. Piers Cawley

    Wrote at 2008-03-01 17:55 UTC using Unknown browser on Mac OS X:

    I forgot to add that, for similar reasons, I won’t give the bank my email address. It’s not because I don’t trust ’em not to sell the address on, but because that way I know, with certainty, that any email I get purporting to come from my bank must be a phishing attempt.
