Tuesday, December 30, 2008

Bank security - grumpy old man?

Serious question: Am I a grumpy old man?


Security
Originally uploaded by CarbonNYC
Before you answer that, here is some context. Tonight, about 8:15pm I got a phone call from someone who said they were from my bank - lets call it the Abbey. The conversation went something like this...

Abbey: Hello. I'm from the Abbey and I'm phoning about an account you have with us.
Me: OK
Abbey: Before I go any further, can I ask you for some details to confirm your identity?
Me: Hang on. You've just cold called me, and I have to confirm who I am?
Abbey: It's Data Protection - I can't discuss your account until you have confirmed your personal details.
Me: Well, can I ask what it's about?
Abbey: No. As I said, Data Protection means I can't discuss your account with you until you have confirmed your identity.
Me: Are you trying to sell me something?
Abbey: No, I can assure you, this is not a sales call.
Me: is there a problem with my account then?
Abbey: I'm sorry, as I said, I cannot discuss your account until you confirm your identity.
Me: But you cold called me. You could be anyone. Surely you should be confirming your identity to me.
Abbey: I can give you a number if you would prefer to ring us.
Me: But you could give me any number. And what do I say when they ask me, "How can I help?" What do I tell them? "I don't know. You phoned me." Can you not give any indication as to what this call is about?
Abbey: I'm sorry, as I said, I cannot discuss your account until you confirm your identity.
Me: Grief! OK. What do you need to know?

At this point, and against my better judgement, I gave then my address and date of birth. Then she asked:

Abbey: And can you confirm your phone number?
Me: Sorry? This number that you just phoned a moment ago?
Abbey: Yes.
David: You want me to tell you the number of the phone, that you just rang, that I just answered, to confirm that I am me?
Abbey: Yes.
David: This is ridiculous! What is this call about?
Abbey: We're just going round in circles!

At this point we agreed that I would go into my local branch tomorrow and ask them why I was phoned tonight.

Was I right to be suspicious? In my defence, I would say that we are warned against identity theft by the banks themselves told to be careful with our personal details. Yet here is someone, claiming to be from a bank, but who could be anyone, asking for my personal details over the phone. Is it just me, or is that odd?

So, back to the original question. Am I a grumpy old man?

10 comments:

Mr W said...

I think you're 100% right. I never give any details to anyone who cold calls me, especially as they are the ones that want me to confirm who I am...

A good compromise is to ask them to give you a number to call, and then don't call it. Do as you're going to do and contact your branch directly...

My wife goes apoplectic at these calls... I love watching her as she gets more and more peeved at their attempts to get her to give out security details. Suffice to say, she's made several complaints to the bank (let's call them In Public Ownership plc) to no avail...

eiela said...

If you're a grumpy old man, then so am I. I hate calls like that. I usually just hang up on them. (WaMu gets quite irate when you do that, though).

John Connell said...

I had an almost identical conversation with a pleasant young man from the Bank of Scotland a couple of weeks ago, except that I didn't cave like a wimpy blancmange in the way that you did ;-)

I gave nothing away and eventually phoned the number he gave me.....to my huge annoyance I discovered it was all completely kosher.

Still doesn't make sense though, that they phone us and demand that we prove who we are!

Oh...and Neil - "...contact your branch directly..." - BoS ditched that possibility a LOOOONG time ago! :-)

Philip Schonken said...

I agreed with you. I never give out my details when cold called.

nwinton said...

@John: I'm still with the bank formerly known as RBOS so we still have branches. Actually, I meant to write to them about their borrowing which is a little over the originally agreed amount. I will, of course, be charging them £25 for the letter… admin costs and all…

Col said...

I'm grumpy and proud of it on matters like this. I particularly object to the way they imply I have to jumpo through all these hoops... for my own benefit. I tell them to write to me.... and then laugh if they ask for my address.

Laurie O'Donnell said...

David,
Happy New Year.

Just commenting to let you know I have tagged you in end/start of year game.

http://ltsblogs.org.uk/laurieodonnell/2009/01/02/tagging-game-facts-about-me/

Yours
Laurie

Gordon McKinlay said...

Less of the old! You are older than me.

Did you go into the bank the following day? It sounds like a phishing expedition to me.

We registered with the telephone preference service and that made a big difference to the number of cold calls we get

David said...

Update

I did go to the branch the next day and they had nothing on their system to indicate that anyone should have been trying to contact me and agreed that I shouldn't give personal details on the phone. However, they admitted that they can't see any information about the credit card that the Abbey gave me. I phoned the credit card people and yes they did need to talk to me about a problem. (A problem caused by a mistake that they made and that they have assured me two months in a row that they had fixed... but clearly haven't!) So I sorted it out again... I hope. Five minutes after I had phoned them. They phoned me back to confirm that the probem they had tried to call me about the night before (but wouldn't tell me about) had now been resolved. Grief!

So, the advice of the cold caller (who it seems was from the Abbey after all) to go and visit my branch was useless, except that the branch confirmed that their own company is acting stupidly by cold calling their own customers and asking for proof of identity without proving their own legitimacy first.

Andy McSwan said...

David,

Worryingly I must be a grumpy old man as well then, Having been a past employee of said bank I'm not surprised they've made a mistake.

One way they've got round this before was to ask for a couple of letters from the password and not the password as a whole, the operator on the phone should then be able to confirm the full password.