Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[sevenlayermuddle]

I got a call from Vodafone the other day wanting to discuss my account (in other words to sell me something).  I have no doubt that the call was genuine but, shockingly, they commenced by asking me to 'answer some security questions' to conform with data protection act.  

In my view, such security questions are to allow you to identify yourself when you make an outgoing call, but  you should never - ever - answer such questions on an incoming call.   The reason is that it's a tactic that can easily be used by malicious callers to gather the answers to common security questions such as date of birth, postcode,  mother's maiden name or whatever etc.    Once the answers are known, a villainous party can then call Vodafone (or whoever), and - with luck - be able to gain access to your account details.  Even if you believe the caller to be genuine you should refuse, as it's a good way of pointing out to them that their security procedures are deeply flawed.

I had the same issue with one of the banks a while ago.  I called them with a question, then they called me back with the answer, but refused to discuss unless I answered some 'security questions'.  I refused of course, which led to some interesting dialogue.

I do despair sometimes at the big corporates total lack of comprehension of basic security.

[HPsauce]

Totally agree.
I had a call the other day which I'm pretty sure was from a financial institution that I deal with - exact same issue. Not the first time either.
When they ask for me I just say give me a message and I'll pass it on. They then refuse as I haven't identified myself!
So I say. How do I know who you are - you rang here? They NEVER understand.
I just say, if you're genuine please write, and don't identify myself at all.

Also had sales calls from BT - they get quite unpleasant when you ask them to prove who they are.

If you've got time on your hands this can be a useful guide to winding them up:
http://www.xs4all.nl/~egbg/counterscript.html

On the other hand I've had genuine calls from my bank about card fraud. I hang such calls up immediately they say who they are and call them back on a known number.
If it's genuine I tell them what I did and they always say that's fine and very sensible.

[pintosal]

I had similar experiences with Barclaycard, and I complained bitterly.

Now they have quite a good system when they suspect a dodgy transaction. You register your mobile phone, and if their systems detect unusual account activity, a machine calls your and asks you to verify individual transactions. Before you do that and to check it's the 'registered' person, they give you various questions, eg they list 4 or 5 different dates and ask you to select which one is your birthday. Get that wrong and the system drops the call.

[sevenlayermuddle]

That new Barclaycard system does sound like a step in the right direction.

I'm impressed if you got anybody to take any notice of your complaint, though, I've largely stopped bothering to try.  Anytime I've tried to criticise anything related to a (any) bank's security, they rather arrogantly fail to understand (or deliberately refuse to understand) what I'm complaining about.  

In the days of underground vaults with steel shutters and great big locks,  it's fair to assume bankers were the experts in the field. But I don't think they've really tuned into the idea that nowadays plenty of computer savvy customers will have a better understanding of online security, or phone security, than the call-centre staff.

- 7LM

[risk_reversal]

Ditto here. When anyone calls me asking me to confirm who I am and to provide sensitive info, my standard reply is

"no problem I am happy to do that but firstly how are you going to identify yourself to my full and complete satisfaction since as far as I am concerned you could be the butcher from down the road" - no offence to any butcher(s) intended.

Even if it were possible for them to identify themselves correctly first, I would still not proceed with the conversation if I had not specifically called them.

Good Luck

[chrissie]

Regarding security and banks, I complained bitterly and in several letters over months to-ing and fro-ing between Lloyds TSB and myself, about them keeping the full card numbers online on my bank payments section, I wanted them to "star out" all but the last four digits.  They refused saying it helps people identify each account!!  I said if people are stupid enough not to know which account/card they are paying from their bank then they don't deserve to have access to payment online!  They would not relent and still haven't, so if anyone was to hack my account online they would be able to see all the card and all the account numbers to everything I pay online via my bank.  I'm still infuriated with this as I know from online card accounts they don't put the full number in your online account with them, so if they don't why can't Lloyds do the same.

Thanks for the info re incoming calls, thankfully they are few and far between here but if ever they do that to me in future I will certainly be prepared.