My bank doesn’t get security
As I wrote previously, I was recently the victim of some debit card fraud. As part of the resolution process, I received a phone call at work yesterday from an anonymous number.
— Hello, is that Mr Battley?
— Er, yes, it is.
— This is S— calling from Halifax about some recent fraud on your
account. Can you tell me your date of birth to confirm your
identity, please?
— Certainly. But how can I confirm that you’re really
Halifax?
— Um, well, I could tell you some details about your account.
So I asked her to tell me a couple of things, she told me the answers, and we proceeded from there. But it obviously took her by surprise. There appears to be no standard procedure for bank employees to identify themselves: it’s expected that the customer will simply divulge their personal information over the phone to anyone who asks, and it seems like most of them do.
The real danger is that the bank is training the customer to behave in a risky manner, when these interactions could instead be excellent opportunities to instil a healthy scepticism about cold callers. It’s a wasted opportunity.