karen2205: Me with proper sized mug of coffee (Default)
Karen ([personal profile] karen2205) wrote2014-06-15 01:00 am

Banks, identity theft and social engineering

One of the things that keeps us safe from fraud/identity theft/other crimes of deception is the ability to think "wow there, something's not right here" and act on that feeling that something isn't right and at least needs further investigation.

Banks seem to be going out of their way to undermine people's ability to keep themselves safe, by behaving in ways that replicate the behaviour of those who are trying to take advantage of us. They phone us and ask us to confirm security information. When we phone them they ask us for security information before they even know what question it is we want to ask (it might be "what time does the branch in $foo close on a Saturday?" - they don't need to know who is asking that question!). They send us text messages from numbers that cannot be verified online - how am I supposed to trust that a text message apparently containing details of my transactions is genuine when there is nothing to link that mobile number to the bank in their contact details page of their website?

So no, banks:

1. You do not telephone me and ask me to confirm who I am. Ever. Bad practice. I won't do so, I will hang up and report the call to you, on a number I can verify as belonging to you, as a potential fraud.

2. I will avoid dealing with you by telephone whenever possible, because it is so fucking frustrating. I don't ask clients who phone me at work to prove they are who they say they are before I'll talk to them! You could make the process much less frustrating by employing staff who speak English to the standard of a native speaker and by not asking security questions until you know someone wants information about their own accounts.

3. Publish your contact information. All of it. If a text message claims to come from you, I should be able to verify it.

Post a comment in response:

From:
Anonymous
OpenID
Identity URL: 
User
Account name:
Password:
If you don't have an account you can create one now.
Subject:
HTML doesn't work in the subject.

Message:

If you are unable to use this captcha for any reason, please contact us by email at support@dreamwidth.org


 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.