I opened a new bank account recently, and also applied for a VISA card. The credit card department this morning called me to verify some personal data. When the person started asking her questions, I stopped her. I told her I would have to verify who she was before I could give her any such data. She agreed, and gave me a number and extension to call back. But how could I tell that number was not just some fancy scam line?
I hung up and tried to verify the number she had given me on the bank’s website. No phone numbers were available. Fortunately the phone number was in the yellow pages (among 70 other numbers for the bank in question), which is good enough for me. But it still raises some questions:
- How many customers would think to do this?
- Banks are always telling us not to give out our information away online, but if that’s the case, why do they call us up out of the blue and ask for it without any easy way for us to verify? To me it would be easy enough to avoid this problem by either having a personal security code the employee can cite to prove they are who they say they are, or else the bank could provide a telephone number on the bank’s website that customers could call back on. An employee calling a customer to verify personal data could then give a code/extension on that number for the customer to call back on so the customer could verify that the person they were talking to was a bona fide employee.
Fraud is as much about social engineering as it is about technical wizardry. Calling customers up and asking them to provide personal data without any easy way for the customer to verify who they are is not just poor business practice; it continues to send a message to customers that somehow giving out data to strangers is OK.
xetrade (currency conversion) did the same thing. the daft thing is that they expect you to email passport/social security photos to an email address. No encrypted upload facilities or anything and we all know that email can be easily intercepted……
btw, your comment script is broken as it doesnt accept http://absoblogginlutely.net as a url.
typepad fixed the commenting script (hopefully)
Hi Jeremy, i actually did something similar to you, I asked for verification and the lady got upset!
so, i’m not sure what to do in cases like that… the banks just assume when they call that we instantly recognize them… sheesh…
Pingback: The J Spot
Same with me. That guy from Xetrade phones me asks me all the personal information(though I have sent most by email, Bank account numbers etc- He says verification). and finally whst is my SSN. I told him to stop asking and close the topic.
It seems that XEtrade is good elsewhere but not in US.
If XETRDE is so good, whey don’t they have a secure web account system with have your SSN entered before registeration.Most of the US banks do this to open the account
With all respect I have my own doubts about Xetrade and can not take risk if these are the practices followed
Extrade do now have a secured site. After giving them 5 times more information than I have ever been asked for. I sent back and front of Driv. Lic, bank statement x 2, Utilliy bill and then they ring you and want how much how often, the use, how I got the money and then more private stuff and then other bank account details. STOP STOP STOP !!! No way thats it. It ended in having no account. I am now afraid of identity theft. Great what.