'Shame on Nationwide – no, I won't give you my se...

[MSE Helen]

This is the discussion to link on the back of Martin's blog. Please read the blog first, as this discussion follows it.

Read Martin's "Shame on Nationwide – no, I won't give you my security details" Blog.

Please click 'post reply' to discuss below.

[lemontart]

I will never give details to such callers - like you I will locate a number myself to call them to see if genuine

[ringo_24601]

I like to ask them questions that they should know about me. Asking my current balance, what my address is ect... pulls the power back in your direction

[HappyBunny]

A few years ago they called me at work - asking personal questions such as DOB etc.

Martin - what do Nationwide have to say about these calls?

[Simon_c]

I get really cross with these calls too. It's bad enough when it's a genuine reason for the call, but when you call back on the published customer service number and they have no record of the call or why it just gets worse. I normally ask them how I know it's whatever bank it is, and that normally flummoxes them. The only time I was presently surprised by the way the call worked out was when it was Barclays security who were querying a transaction. They seemed fine that I wouldn't give security details, and went ahead with explaining the problem anyway. I've been on at every institution who calls me for ages how bad this is, and how it trains their customers in insecure practices, but nobody listens. It needs someone with the clout of you Martin to really embarrass them into sharpening up their practices.

[JimmyTheWig]

Quote:

Originally Posted by ringo_24601

I like to ask them questions that they should know about me. Asking my current balance, what my address is ect... pulls the power back in your direction

Surely they can't answer that until you have been through security...

[beniamino]

I've had exactly the same kind of call from Lloyds TSB. The caller refused to give his name or where he was calling from (just "This is his bank"). He then tried to get me to give out my address and other personal details. I asked how I could know that he was a genuine caller, and got no satisfactory reply.

If people get used to answering these kinds of questions to cold callers, it will be a gift for identity thieves.

[enomis]

It has happened to me too, very recently with HSBC. Seems like they are all at it!

[jamesd]

It's quite common and your responses are similar to my own, where I'll typically ask the caller to authenticate themselves before disclosing personal information.

The automated transaction check calls made by some institutions require you to give personal information to an electronic voice call to authenticate. That's spectacularly insecure, training their customers to act wrongly and IMO should be prohibited by their regulator.

You're a higher risk target than I am, though, so have to be even more cautious than most, as do any of your employees and family or friends who might be asked about you or for personal information about you that might conceivably be used in some security questions somewhere.

If I have reason to expect the call I will sometimes ask the caller to add up the day and month of my date of birth to demonstrate that they know those two numbers, without them actually compromising that information. Similar alternative ways can sometimes be used to confirm knowledge of other data without actually disclosing the data.

BTW Martin, what's your favourite colour? No, don't answer, it's a fairly common security question. So you need to be giving something other than the truth for one of the security or non-security contexts. Someone who can do research on you could probably get enough details to pass the alternative security authentication for a Standard Life pension if you had one of those. Not uncommon at other places for their backup questions to have answers that are readily researchable.

I suppose now's a somewhat appropriate time to welcome you to the high net worth world and suggest that you consider asking your financial institutions to require a secondary security check like an additional code word only known to you and them before providing information. It's only a matter of time before you're attacked.

[ringo_24601]

Quote:

Originally Posted by JimmyTheWig

Surely they can't answer that until you have been through security...

haha, no they won't.. The only proper way to deal with it is to give the company a ring back and ask what the problem is.

Then you can get very angry if it's a marketing call

Quote:

BTW Martin, what's your favourite colour? No, don't answer, it's a fairly common security question. So you need to be giving something other than the truth for one of the security or non-security contexts. Someone who can do research on you could probably get enough details to pass the alternative security authentication for a Standard Life pension if you had one of those. Not uncommon at other places for their backup questions to have answers that are readily researchable.

Ideally, you should have all those 'questions' as passwords, and nothing to do with the question, and not re-use them between systems.

Oh, one day I should practice what I preach - but it will need me to write all the passwords/answers down or you'd go insane trying to remember them all

[KTF]

If you 'never give personal information to people on the phone' then I assume that you never have cause to phone up any company that requires some sort of authentication?

I dont see the issue in confirming your postcode or part of your address. The only password the bank will ask for is bits of your phone banking password (if you are registered for it) which (assuming you are not daft) will be different to your online banking one anyway.

Phone calls like this are almost always marketing calls anyway but sometimes they do call to check credit card purchases so if you have ordered something pricey, I look forward to a blog about you moaning about how it didnt get delivered because of 'stupid' bank process.

[Nile]

Quote:

Originally Posted by Simon_c

I get really cross with these calls too. It's bad enough when it's a genuine reason for the call, but when you call back on the published customer service number and they have no record of the call or why it just gets worse. I normally ask them how I know it's whatever bank it is, and that normally flummoxes them. The only time I was presently surprised by the way the call worked out was when it was Barclays security who were querying a transaction. They seemed fine that I wouldn't give security details, and went ahead with explaining the problem anyway. I've been on at every institution who calls me for ages how bad this is, and how it trains their customers in insecure practices, but nobody listens. It needs someone with the clout of you Martin to really embarrass them into sharpening up their practices.

Yes, I had a good opinion of Barclays Bank when they called my home. It was frustrating that they wouldn't discuss why they wanted to speak to my OH (who was out when they rang) but I was impressed when they rang back and spoke to my OH...........to discover that they were concerned about unusual activity on the credit card.

Barclays Bank seem to be pretty good.

I'm a customer of the Nationwide but I've never had a phone call from them. My experience has been very good so far. When I go into the Nationwide branch, the staff are very friendly and polite.

[adecor]

Had this with Metro too

[henry bananas]

They would not stop pestering me with calls and text messages asking to ring back.

When I did ring - they didn't know what I was contacted for!

This went on for about 3 weeks!!!

on a side note I don't think Nationwide are too bad as it goes it is just this daft problem I had with them.

[ellie99]

I've had this with the Royal Bank of Scotland, I complained to my local branch, and haven't been contacted again. (Also hate the way the tellers count out loud if I'm getting cash at the counter, there's a queue of people watching and listening!)
My son had a call from his bank today because he had had a large sum paid in to his current account (from another bank) and they wanted to check he was entitled to it!

[LardyCake]

Yes I've had this type of call, I always refuse to give them any information and explain why - "I don't know who you are". I ask which department they are from and call the published number.

Martin, I'm surprised you've only just become aware of this issue but hopefully you can make the banks, credit card companies and the public see why this is such bad practice. Good luck.

One possible solution: to amend their systems so you can set-up a "reverse password" which you can ask the person calling for (in whole or part).

[callum9999]

Quote:

Originally Posted by ellie99

I've had this with the Royal Bank of Scotland, I complained to my local branch, and haven't been contacted again. (Also hate the way the tellers count out loud if I'm getting cash at the counter, there's a queue of people watching and listening!)
My son had a call from his bank today because he had had a large sum paid in to his current account (from another bank) and they wanted to check he was entitled to it!

Surely all bank tellers do that? It's standard practise to show you that they are in fact handing you the right amount of money - otherwise you could just step away from the counter, slip a note in your pocket and complain you were short changed.

[ellie99]

Quote:

Originally Posted by callum9999

Surely all bank tellers do that? It's standard practise to show you that they are in fact handing you the right amount of money - otherwise you could just step away from the counter, slip a note in your pocket and complain you were short changed.

I see your point Callum, hadn't thought of that.
A couple of times I've withdrawn enough to buy a second hand car, it made me really uncomfortable to know the queue behind me would hear how much I was leaving with, maybe it's because I'm female? I asked the teller to not say it out loud, they were ok with that.

[jamesd]

Quote:

Originally Posted by KTF

If you 'never give personal information to people on the phone' then I assume that you never have cause to phone up any company that requires some sort of authentication?

If you are phoning the company at one of the numbers that you already know for it, you can be sure that you are speaking with a representative of the company. The problem is if you receive a call, because calling line identification can be forged, so you have no reliable initial indication of whether it is the bank or me or a criminal or a radio host calling you to obtain details.

[sidsmum]

I had a call from my Bank once offering me a loan, "But first can I take some security details?" I said they couldn't as I hadn't asked them to phone me and I didn't want a loan anyway. I was quite annoyed at the time.