If you call a bank up to report a lots credit card, or have any queries at all, you get put through a string of questions, regarding your personal information so that they can verify that you are who you claim to be.
I’m all for that – but what happens when the “bank” calls you up?
Well, before they’ll even entertain the idea of letting you know who they are and where they’re from, they again want to put you through a string of questions, to verify that you are who you claim to be.
Now, am i the only one who’s read countless books on social engineering? or am i the only one getting spam mail sent contain bank detail hoaxes?
Do i then normally reply with all my personal details, banking details (account numbers, pin codes, passwords etc) straight away because they ask for it?
no – that’s the short answer – i don’t – and neither should you.
So what makes a bank think that i’ll simply just take their word for it that they are who they claim to be? And god forbid that i should tell them that i’m NOT going to verify who i am by giving you all my details over the phone before i can verify who you are…
Last time it happened for me was when my banks fraud squad had found some “suspect” transactions against my credit card and called me up…i told them the person on the phone that i had absolutely no intentions of giving him/her my banking details, nor any of my personal details – they should know these already if they’re calling me.
Obviously i must be one of the very few that has any problems with this set of practises – seeing as banks are continuing to use this approach. Oh, it’s great for them as they can verify who i am, but i’ve no way at all to verify who they are.
Either people are too trusting or banks sees this as “the best practise” approach…
Basically, if a bank – or hell, any other organisation or corporation – wants to know who i am, they can give me means to verify who they are. Why don’t they call me up and ask me to call a specific number (which should be preordained via my banking details) together with a RSA SecurityID code? Or, why don’t banks give me details that enables me to verify the caller? such as a password for them to say, or other details they can verify?
I think it’s just about being lazy and i dont’ think i can’ count how many bank calls i’ve hung up on because they refused to let me, in any way or form, verify who they are.
Does anybody else have any problems with these practises?