Banks, identity theft and social engineering - Karen
One of the things that keeps us safe from fraud/identity theft/other crimes of deception is the ability to think "whoa there, something's not right here" and act on that feeling that something isn't right and at least needs further investigation.
Banks seem to be going out of their way to undermine people's ability to keep themselves safe, by behaving in ways that replicate the behaviour of those who are trying to take advantage of us. They phone us and ask us to confirm security information. When we phone them they ask us for security information before they even know what question it is we want to ask (it might be "what time does the branch in $foo close on a Saturday?" - they don't need to know who is asking that question!). They send us text messages from numbers that cannot be verified online - how am I supposed to trust that a text message apparently containing details of my transactions is genuine when there is nothing to link that mobile number to the bank on the contact details page of their website?
So no, banks:
1. You do not telephone me and ask me to confirm who I am. Ever. Bad practice. I won't do so, I will hang up and report the call to you, on a number I can verify as belonging to you, as a potential fraud.
2. I will avoid dealing with you by telephone whenever possible, because it is so fucking frustrating. I don't ask clients who phone me at work to prove they are who they say they are before I'll talk to them! You could make the process much less frustrating by employing staff who speak English to the standard of a native speaker and by not asking security questions until you know someone wants information about their own accounts.
3. Publish your contact information. All of it. If a text message claims to come from you, I should be able to verify it.
This entry was originally posted at Dreamwidth.
Yes to all of this. It isn't all right, ever.
Date: June 15th, 2014 08:31 pm (UTC)
Yeah, amen to that - drives me bonkers too.
Definitely - though all my banks claim in their blurb they live up to the standards you expect. Funny how they generally try phoning me despite it being allegedly in my records that I don't do phone calls - but gave a number for ID verification.