I got a phone call from my bank (Barclays) saying they were conducting account reviews andf asking if I had the time to go over a few things with them. I didn’t really want to, so I said no and hung up. A couple of days later, they called back and tried the same with my wife; they said she’d have to confirm her identity first and could she give her date of birth and debit card number.
Instantly suspicious (yay, well done missus!) she said there was absolutely no way she was going to divulge those details to an unsolicited incoming caller; they tried a bit of persuasion which failed, so they gave up and she ended the call.
She dialled 1471 and made a note of the caller ID; I called this back and got a recorded message purporting to be Barclays Bank (but of course anyone could set that up)
So I visited a branch today to ask about it and expected to be told that it was a known scam, but no; apparently it was a genuine call. I simply cannot believe that in this age of identity theft, where we are constantly being told never to divulge any important details to telephone callers, that a large financial institution would actually make genuine calls requesting those details. What they hell were they thinking?
I worked for a bank a number of years ago and managed a team of people that made calls to verify transactions that people conducted with their various banking products.
In an effort to minimize losses to account holders and themselves banks will use in house or third party models to query unusual transactions and verify their authenticity with the account holders. This introduces the problem of authentication. The detection agents need a method to authenticate the person that answers the phone so that they don’t share data on private financial transactions with anyone but the true owner of the account.
What we used to do is ask for some identifying data element such as mother’s maiden name or the last 4 SSN digits. If the person felt uncomfortable with the agent would instruct them to call the CS number and verify their transactions with them. This is what Barclay’s should have done. Perhaps it was a training issue with that particular agent. But anyway, that’s what they were thinking.
Personally, I appreciate it when financial institutions contact me to make sure everything is ok with my account(s).
For the record, this wasn’t anything to do with unusual transactions, it was just an account review, but in any case, I think it’s a matter of principle; everyone should feel uncomfortable about divulging sensitive information to an unknown, unsolicited caller - everyone - not just twitchy nervous folks.
I would have been happy to be asked to visit a branch, or to return a call to a number that I looked up for myself in the phone book, but expecting customers to ever accept that these calls are genuine in and of themselves just contradicts and therefore dilutes all the good security advice we are given about withholding personal information to unsolicited callers.
Agreed. The call in the OP would have me deeply suspicious as well.
In the last two months, all banks in the Netherlands have been requested to check the indentity of their accountholders.
They accomplished this by including letters, announcing that fact, with the regular bankstatemens. The letters asked people to come to the bank with their passports in the next weeks. At the same time, there was some PR on national TV, and on the outsides of the banks announcing this campaign as well.
That, IMHO, worked much better.
How i wish everyone was as security conscious as you Mangetout ! I don’t care if it would put me out of a job. :eek:
The problem is a bit more complicated. The models that most banks use are fairly proficient. Meaning that a lot of the transactions they identify have a high probability of being unauthorized. If they can’t confirm or deny the transaction with the person they must put a hold on whatever instrument it is (credit/debit card etc).
I can’t tell you how many times I’ve heard from cardholders, “You put a hold on my card!?! If you had just called me first we could have avoided this!” when they’ve tried to use the card after we placed a hold. Its kind of a double edged sword.
I know they probably said “just an account review” to you but they needed to confirm something that happened. They don’t just randomly pick accounts that have no activity to investigate.
I got an email from 5th 3rd Bank, with a similar tune. We don’t have any accounts with them, so I went to the 5th 3rd website. They had a first-page section about phony emails, and it asked me to forward the email to them. I did.
No, apparently they do; when I visited the branch, they said it was a customer satisfaction/product awareness thing and that a block of customers’ details would be periodivally passed to a call centre to be contacted in this way.
Wow. Barclay’s certainly has unusual practices then. Usually contacts for such purposes can be done through email (or automated IVR calls) that don’t require nearly as invasive authentication procedures as fraud prevention contacts do. They’re much more costly to do in that manner as well since they are done by humans that must be paid. They really asked you for your debit card number to do a customer satisfaction survey? I guess I learn something new everyday. Seems extremely inefficient and causes undue negative user experiences.
I suspect, given my experiences with Lloyds, that a review is actually a disguise to sell you something. That is, it isn’t so much a scam as an upselling tactic.
After my last conversation with Lloyds about this, I suspect that they won’t try it again, as I made it clear that I wouldn’t purchase anything from people that try to deceive me in such a way.
I bank with Yorkshire and have heard not a peep from them until quite recently. I received an inheritance from my uncle and paid the cheque into the bank, fully intending to spend the majority of it fairly quickly on home improvements. Within a week, I’d had two letters from the bank asking me to contact them for a “review of my account facilities”. So they’re not interested until there’s a large sum they could get their grubby mitts on.
On top of that, I was looking at a lump sum savings plan with the remaining couple of thousand…so I looked on their website and found an account that suited me - it’s only accessible via telephone or internet banking but you need to have the right kind of current account for it. So I wrote and asked them to change my current account to the correct variety, which they did. But they won’t transfer money to a new savings account (despite me also asking this in my letter) because I have to visit a branch to do that. The whole idea of me having 'net banking is because there are no local branches that I can get to, which I’ve explained to them several times.
Head, meet brick wall. Brick wall, say hello to head.
So they gave your details, presumably including your debit card number(s) (since they needed it for verification), to a third party? Wow. I think I’d probably be looking for a new bank.
Is it true that I could call my credit card company ahead of time to tell them I will be somewhere unusual for me, and they could suspend the checking for suspicious activity? I went to France and they stopped my card (quite inconvenient I must say) because I used it in France. :smack:
[QUOTE=AskNott]
I got an email from 5th 3rd Bank/QUOTE]Is this the stupidest name ever for a bank or what? At least Third Fifth Bank would make sense mathematically.
They can certainly do it at the bank I used to work for and I can’t immediately think of a good reason why any other bank couldn’t do it. Perhaps if they outsource their risk ops and there isn’t good communication between them and the vendor…