Friday, September 15, 2006

Banks should know better

This is not meant to be a rant but I feel compelled to write about it. I have just come off the phone with my bank. The reason I called them was to confirm that someone who called me yesterday did indeed work there. Why would I want to do that you may wonder, well, the conversation yesterday went like this:

Bank: "Hi, this [bank name ommitted], is that Mr Dizzy?"
Me:"Speaking"
Bank:"Hi, before I go on can you confirm your date of birth for me please"
Me:"errr... no. I can't actually"
Bank:"Why not?"
Me:"Well how do I know you're from my bank? You could be anyone"
Bank:"Well I need to identify you before I can talk to you about your account"
Me:"That as maybe, but my personal information is for me to identify myself to you when I initiate the contact. Not the other way round"
Bank:"OK, well I guess we can't discuss it further"
Me:"That's fine, I will call the branch tomorrow"

This sort of conversation is not exclusive to my bank. In fact it's becoming more and more commonplace these days for organisations to ring you and ask for your personal details in order that they may identify you.

The more people blindly accept the voice on the end of the phone is telling the truth, the more companies and banks will think it is an acceptable practice which it is not. Given the rise of ID theft you'd think bank's would know better.

6 comments:

Bel said...

Well said, Dizzy. I have been getting such calls from my bank, too, asking for date of birth, post code, even mother's maiden name before they even tell me what they want. I always refuse, and the caller has the gall to sound surprised that I didn't part with the information.

Louise said...

I had a very similar call where I refused to give any information and called the customer services number. As with Bel, they were surprised that I refused to give them my account details.

The irony - they were checking a large payment on my credit card to ensure that I wasn't being the victim of fraud.

Average guy on the street said...

Completely agree here. They should also have to prove who they are.

Thomas said...

Really and truly the banks should know better - you do wonder about whether or not any of their security staff understand the concept of social engineering.

It's not exactly advanced, three year stuff either - it's in most good "how to be a sysadmin" books.

It is doubly annoying when they do it, you offer to call them back and they give you a number you can't verify is theirs, which has happened to me with my bank a couple of times.

Anonymous said...

Poor young man from my bank got a very frosty reception from me when I was called for the third time in as many months and asked me, as usual, for my date of birth. I pointed out to him that I had no way of knowing who he really was and what did he want anyway? He eventually admitted that he was trying to persuade me to use a credit card cheque I had been sent in the post. He did agree to take me off his phone list and I havent had a call in a while....It really is creepy to be asked your date of birth over the phone by a stranger.
When I was arrested as a Greenham rookie I was told..."Dont give them your date of birth...they can find everything out about you that way" and that was 23 years ago!

Croydonian said...

I had my credit card company ring me the other day, and to their credit when I said I was not going to give out my details just like so, they were gracious, and went through some security procedures.