It’s kind of a throwaway account, not much money, and I was on the fence till (as above) I discovered they’d changed their service charge agreement in their own favor without ever notifying me. Two strikes and you’re out, in this case.
Er, what? No, it’s a terrible practice to ask for confidential identifying information when an unidentified number calls you. They know who you are because they called you. You don’t know who they are.
If it’s essential to verify that someone other than the account holder didn’t answer the phone, there has to be some other procedure - calling back, or some kind of exchange of information - some kind of question-and-response procedure where both the question and the answer are secret.
x1000. This is the entire point.
It’s stupid because by doing exactly what scammers would do, it provides cover for scammers. The proper response to someone calling you and asking for your SSN is to call the police.
Yes, they need to verify who you are. By calling you, they’ve already done that: They know that you’re the person with your phone number. How do they verify who THEY are?
Maybe allow the customer to designate a passcode/phrase/PIN the service rep can use to authenticate?
Ho ho, I like that!
Er… if you have my phone number, you have no idea whatsoever that I’m the person who answers it. If your bank ever expects to proactively call you, they must have some way of authenticating you, whether that’s SSN or some other secret.
It seems to me that a question and answer set up the customer serves this purpose. Just as “what is your SSNO” is not acceptable, it could not be something as vague as “what is the name of your pet”. The question itself should contain information that would be unknown to a scammer. For example"
“What is the middle name of your Aunt Jemima?”
Which I addressed, in the second part of my post. Many people would be happy to stipulate ahead of time that if the bank calls their cellphone, the bank can assume that nobody else has access to the phone. Alternatively, some exchange of information must take place - it cannot just be a one-way flow of identifying information from the person who answers the phone to the caller.
In any event, if the “wrong” person answers the phone, the consequential damage is relatively small - a family member or colleague who should not be told things about your account; or at worst a random stranger if the bank misdialled. Whereas if the “wrong” person is calling, they will certainly be a scammer. It’s much more vital that the caller be identified correctly.
Which is why they quite properly give you the third degree when you call them.
I would have called back too, but closing the account over it is likely pointless. Knowing human nature, every financial institution likely does stupid things with your info, you just usually don’t see it.
I use a credit union. They never ever call, but instead use mail or email. If I need to prove my identity, there’s a PIN on the account that’s different from my ATM PIN, set up after a check we wrote was stolen.
I was on my bank website last night and noticed their standard banner across the top that states they will never call and ask for your account number or SSN. Those who are saying it’s fine or that every bank has similar lax security are just flat-out wrong.
A credit card scammer tried to get me by asking if my card number started with “xxxx”. Of course - all credit cards issued by this company in this country start with the same four digits. I didn’t fall for it.
Maybe try increasing fiber in your diet.
It absolutely is lax security. While the bank is required to get your SSN to open the acct, it should be masked to all but essential personnel to help prevent identity theft by a rogue employee. Call center employees are not considered those essential personnel. The first 5 digits should either be masked or not display at all.
I’d also bet a regulator would come down on them if they found out about this poor practice.
It also trains customers to fall for scams.
I wonder if the decades of overseas “customer service” centers are part of the willingness to fall for scams.
I’ve heard Microsoft/Norton/McCaffee scammers claim to need SSNs and birthdates in order to cancel services and issue refunds.
My wife has had her credit card compromised twice. Both times, she got a call from the credit card company. They explained the problem and why they flagged the transactions.
Then, they instructed her to call the phone number listed on the credit card and which department to speak to in order to cancel her current card and obtain a replacement.