'Shame on Nationwide – no, I won't give you my security details' blog discussion
Comments
-
I wouldn't suggest not contacting, just not divulging information to a caller who hasn't authenticated themselves. The solution is easy enough: leave a note on the customer record saying who the call should be forwarded to, then invite the customer to call back on the number published on the web site. After the customer has made contact you can then suggest that you call them back and they will recognise your voice and be willing to go through security a second time during that callback.
I wish it was that easy, that was one of my biggest bug bears. To my mind there should be one central system used for verifying people and the CA should be able to leave a note to say which dept was trying to contact them. The reality is that each department uses a different computer system, they also used automated calls to,alert the customer that NBS were trying to get hold of them but I believe the automated number should direct them to the correct dept.
If people would just realise how important it is to keep track of your money and contact the relevant people in case of difficulty things would be a lot easier. Unfortunately many people just choose to bury their heads in the sand and that isn't the answer.£2.00 Savers Club = £34.00 So Far
+ however may £2 coins I have saved in my Terramundi since 2000.
Terramundi weighs 8lb 5oz0 -
... If people would just realise how important it is to keep track of your money and contact the relevant people in case of difficulty things would be a lot easier. Unfortunately many people just choose to bury their heads in the sand and that isn't the answer.
The issue is about bad security practice by financial institutions (not just Nationwide) that encourages people to give out their security details to unidentified callers who may well be scammers.
It is nothing to do with getting into debt, or burying heads in sand. These unsolicited calls asking for security details are not made exclusively to people in debt or financial difficulty.0 -
The issue is about bad security practice by financial institutions (not just Nationwide) that encourages people to give out their security details to unidentified callers who may well be scammers.
It is nothing to do with getting into debt, or burying heads in sand. These unsolicited calls asking for security details are not made exclusively to people in debt or financial difficulty.
I realise that and I did mention it earlier. But, the fact remains that on occasion the banks do have reason to call you but need to verify they are speaking to the correct person first. I really don't think there is an easy answer.£2.00 Savers Club = £34.00 So Far
+ however may £2 coins I have saved in my Terramundi since 2000.
Terramundi weighs 8lb 5oz0 -
The banks need to properly consider the security and risk implications of what their conduct trains customers to do. Training customers to give out personal security-related information to unauthenticated callers is something that senior management responsible for policy setting should realise is weakening the institution's case if phone contact is ever used by a fraudster to create a loss, because the customer would just be acting as the bank has trained them to act.
Agree with you about head in the sand aspects but I've been in some financial difficulties in the past and sometimes that's what it takes to deal with day to day life for a while, though I've not reached the point where it did excessive harm, fortunately.0 -
I've worked in banks and building societies all my life, and we receive regular training in data protection issues.
Selling and marketing is not my thing and I've always worked in admin, so I've often had to call customers to speak about matters that have arisen on their account.
Until I'm sure I've got the right person, by getting correct answers to security questions, I am very discrete about what I say. I don't want to give information to people that aren't entitled to that information
If people aren't happy to answer security questions, it's really no skin off my nose, I just tell them they can call me back if they want to, at our central contact number, so they can be sure their are speaking to the bank, and then answer the security questions. At that point, most of them decide they are happy to answer the security questions, as let's face it, it's a right pain to call any large institution these days, and as they have me on the phone they decide they'd rather find out what I want. Once I know I've got the right person, I can speak about their account and most are happy that I've called as I've been able to help them.Early retired - 18th December 2014
If your dreams don't scare you, they're not big enough0 -
No one has suggested financial institutions should be give out personal information to someone they cannot identify. Equally the customer should not be giving out their security information to a caller they cannot identify. It may be your bank, it may be someone trying to scam your security details.
There are ways around the problem. I suggest one in post #16: allowing customers to set-up a "reverse password".
I suspect the problem is that banks etc would prefer to carry on "Training customers to give out personal security-related information to unauthenticated callers" (thanks jamesd) than spend money on setting up properly secure systems.0 -
A quick google (and I mean quick, first search and first link I clicked on) gave me this page4.There is no alternative method of contact. I then asked: "Do you have an alternative method of contacting me, either via email or secure message through your online banking so I can see what this is about?" Her reply: "No, I can’t do that either – we only ever call, we do not have any other system." (This bit was confirmed later.)
http://www.nationwide.co.uk/contact_us/how_to_contact_us/default.htm
Now with that information, it shouldn't be too difficult to establish the authenticity or otherwise of the call (but you may have to wait until Monday morning now)
I've had a number of calls from people who claim to be from XYZ and want me to give out security information. I never do and simply say if they cannot identify themselves to my satisfaction, then I will call them back ... on a number I will find from their website! (or otherwise already known to me) They can give me further contact details from their (e.g. an extension number to help if they like)
If I doo need to call themn back, I invariably discover the call either
a) does not even originate from the company claimed
or
b) is an unsolicited marketing call (at which point I often ask to start a formal complaint as I rarely give permission for this type of activity and and registered with the TPS/CTPS)
In the majority of cases, the person I speak to cannot actually help me any further, and I never seem to get called back, so it really couldn't have been very important in the first place.
But never, ever disclose your personal security details by telephone to someone/anyone that calls you without them being able to first confirm to you they are who they say they are. If it's genuine, I'm sure most banks (or other services) would fully understand this.
(A bit like checking a waterboard official really is from the water board when he comes knocking at your door to, for example, 'test the quality of the water' ... any genuine official would be happy to wait outside your closed door whilst you check out their authenticity by checking with their claimed employer ... e.g. by telephoning them on a number you know to be genuine, and never one they may ask you to call instead)0 -
I just found this link.
It actually comes from a suggested site on the Nationwide website concerning protecting your security.
http://www.banksafeonline.org.uk/common-scams/latest-scams
There appears to be a name for this type of latest scam
Vishing (as opposed to phishing)Fraudsters cold-call unsuspecting individuals and dupe them into revealing their online or telephone banking security details, by claiming to be from the security or fraud department (of either a bank, card company or another service provider) and saying that their records have flagged up a fraudulent transaction on the victim’s account or that the victim is due a refund. By seeming to offer assistance, the caller hopes to gain their victim’s trust. The fraudster, who may already have some details about the person they are phoning - such as their address - is really trying to find out extra security details, such as passwords. The fraudster may claim that the amount of the fraudulent purchase can be credited back if the individual divulges these details.0 -
So was it just a marketing call, or was there something they needed to discuss urgently with you about the way your account was being operated (remember they were calling you at work!)The truth is, by the end, I was pretty sure this was Nationwide. She made all the right noises (though I may be fooling myself that I’m savvy enough to tell the difference) and indeed, when I called through using the customer service number, the person confirmed it was a genuine call.
And what did they advise when you no doubt expressed the security issues involved in the way they operate?
Surely it can't be their policy to operate in such a risky manner?
If it is claimed to be their policy, then remember that as an account holder, you are probably a member so can attend the AGM (usually held in the middle of the year). Perhaps an ideal opportunity to ask a probing question (they usually have a good Q&A session) as to their security protocols?0 -
A while ago, I had a similar call from Santander about my debit card on a Sunday afternoon using a WITHHELD number, asking for security information. A couple of days earlier I had had an e-mail from them saying that they will always include the last part of my postcode (hardly secure!) in any e-mail correspondence so that I could be sure it was from them. So I asked the person calling from Santander what the last part of my postcode was since they had recently told me that they would always provide this to me when making contact. I didn't say that this was e-mail rather than telephone. Not surprisingly, they said they couldn't give out the last part of my postcode because of data protection.
So I said I would call the published number. But, it was a weekend and the number on the debit card was only available weekdays and not 24 hours a day. So I called the only number that was available on a Sunday afternoon, which was the lost card number. They didn't know about any call to me and all they could do was cancel the card, which I did.
The call was genuinely from Santander and was about a debit card transaction which was fraudulent. It turned out that the only information that had been supplied for the transaction was the card number, no expiry dates or CVV code, so I am not sure why Santander even considered the transaction rather than refusing it outright.
So, Santander encourage their customers to give out security information over the phone and their published number is not available during the hours when they make some of these phone calls.0
This discussion has been closed.
Categories
- All Categories
- 343.1K Banking & Borrowing
- 250.1K Reduce Debt & Boost Income
- 449.7K Spending & Discounts
- 235.2K Work, Benefits & Business
- 607.9K Mortgages, Homes & Bills
- 173K Life & Family
- 247.8K Travel & Transport
- 1.5M Hobbies & Leisure
- 15.9K Discuss & Feedback
- 15.1K Coronavirus Support Boards