Banks seem to be going out of their way to undermine people's ability to keep themselves safe, by behaving in ways that replicate the behaviour of those who are trying to take advantage of us. They phone us and ask us to confirm security information. When we phone them they ask us for security information before they even know what question it is we want to ask (it might be "what time does the branch in $foo close on a Saturday?" - they don't need to know who is asking that question!). They send us text messages from numbers that cannot be verified online - how am I supposed to trust that a text message apparently containing details of my transactions is genuine when there is nothing to link that mobile number to the bank in their contact details page of their website?
So no, banks:
1. You do not telephone me and ask me to confirm who I am. Ever. Bad practice. I won't do so, I will hang up and report the call to you, on a number I can verify as belonging to you, as a potential fraud.
2. I will avoid dealing with you by telephone whenever possible, because it is so fucking frustrating. I don't ask clients who phone me at work to prove they are who they say they are before I'll talk to them! You could make the process much less frustrating by employing staff who speak English to the standard of a native speaker and by not asking security questions until you know someone wants information about their own accounts.
3. Publish your contact information. All of it. If a text message claims to come from you, I should be able to verify it.
This entry was originally posted at Dreamwidth. Please either comment here, or go there to reply using OpenID. There are currently comments at Dreamwidth.