'Shame on Nationwide – no, I won't give you my security details' blog discussion

This is the discussion to link on the back of Martin's blog. Please read the blog first, as this discussion follows it.




Please click 'post reply' to discuss below.
«134567

Comments

  • lemontart
    lemontart Posts: 6,037
    First Post First Anniversary Combo Breaker
    Forumite
    I will never give details to such callers - like you I will locate a number myself to call them to see if genuine
    I am responsible me, myself and I alone I am not the keeper others thoughts and words.
  • I like to ask them questions that they should know about me. Asking my current balance, what my address is ect... pulls the power back in your direction
  • A few years ago they called me at work - asking personal questions such as DOB etc.

    Martin - what do Nationwide have to say about these calls?
  • I get really cross with these calls too. It's bad enough when it's a genuine reason for the call, but when you call back on the published customer service number and they have no record of the call or why it just gets worse. I normally ask them how I know it's whatever bank it is, and that normally flummoxes them. The only time I was presently surprised by the way the call worked out was when it was Barclays security who were querying a transaction. They seemed fine that I wouldn't give security details, and went ahead with explaining the problem anyway. I've been on at every institution who calls me for ages how bad this is, and how it trains their customers in insecure practices, but nobody listens. It needs someone with the clout of you Martin to really embarrass them into sharpening up their practices.
  • JimmyTheWig
    JimmyTheWig Posts: 12,199
    Name Dropper First Post Combo Breaker First Anniversary
    Forumite
    I like to ask them questions that they should know about me. Asking my current balance, what my address is ect... pulls the power back in your direction
    Surely they can't answer that until you have been through security...
  • I've had exactly the same kind of call from Lloyds TSB. The caller refused to give his name or where he was calling from (just "This is his bank"). He then tried to get me to give out my address and other personal details. I asked how I could know that he was a genuine caller, and got no satisfactory reply.

    If people get used to answering these kinds of questions to cold callers, it will be a gift for identity thieves.
  • enomis
    enomis Posts: 45
    Name Dropper First Post First Anniversary Combo Breaker
    Forumite
    It has happened to me too, very recently with HSBC. Seems like they are all at it!
    Save 12k in 2017 #78 £15,500/15,000 (103.3%)
  • jamesd
    jamesd Posts: 26,103
    Name Dropper First Post First Anniversary
    Forumite
    edited 6 December 2012 at 2:34PM
    It's quite common and your responses are similar to my own, where I'll typically ask the caller to authenticate themselves before disclosing personal information.

    The automated transaction check calls made by some institutions require you to give personal information to an electronic voice call to authenticate. That's spectacularly insecure, training their customers to act wrongly and IMO should be prohibited by their regulator.

    You're a higher risk target than I am, though, so have to be even more cautious than most, as do any of your employees and family or friends who might be asked about you or for personal information about you that might conceivably be used in some security questions somewhere.

    If I have reason to expect the call I will sometimes ask the caller to add up the day and month of my date of birth to demonstrate that they know those two numbers, without them actually compromising that information. Similar alternative ways can sometimes be used to confirm knowledge of other data without actually disclosing the data.

    BTW Martin, what's your favourite colour? No, don't answer, it's a fairly common security question. So you need to be giving something other than the truth for one of the security or non-security contexts. Someone who can do research on you could probably get enough details to pass the alternative security authentication for a Standard Life pension if you had one of those. Not uncommon at other places for their backup questions to have answers that are readily researchable.

    I suppose now's a somewhat appropriate time to welcome you to the high net worth world and suggest that you consider asking your financial institutions to require a secondary security check like an additional code word only known to you and them before providing information. It's only a matter of time before you're attacked.
  • Surely they can't answer that until you have been through security...

    haha, no they won't.. The only proper way to deal with it is to give the company a ring back and ask what the problem is.

    Then you can get very angry if it's a marketing call
    BTW Martin, what's your favourite colour? No, don't answer, it's a fairly common security question. So you need to be giving something other than the truth for one of the security or non-security contexts. Someone who can do research on you could probably get enough details to pass the alternative security authentication for a Standard Life pension if you had one of those. Not uncommon at other places for their backup questions to have answers that are readily researchable.

    Ideally, you should have all those 'questions' as passwords, and nothing to do with the question, and not re-use them between systems.

    Oh, one day I should practice what I preach - but it will need me to write all the passwords/answers down or you'd go insane trying to remember them all
  • KTF
    KTF Posts: 4,820
    Combo Breaker First Post First Anniversary
    Forumite
    If you 'never give personal information to people on the phone' then I assume that you never have cause to phone up any company that requires some sort of authentication?

    I dont see the issue in confirming your postcode or part of your address. The only password the bank will ask for is bits of your phone banking password (if you are registered for it) which (assuming you are not daft) will be different to your online banking one anyway.

    Phone calls like this are almost always marketing calls anyway but sometimes they do call to check credit card purchases so if you have ordered something pricey, I look forward to a blog about you moaning about how it didnt get delivered because of 'stupid' bank process.
This discussion has been closed.
Meet your Ambassadors

Categories

  • All Categories
  • 342.4K Banking & Borrowing
  • 249.9K Reduce Debt & Boost Income
  • 449.4K Spending & Discounts
  • 234.6K Work, Benefits & Business
  • 607K Mortgages, Homes & Bills
  • 172.8K Life & Family
  • 247.4K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 15.8K Discuss & Feedback
  • 15.1K Coronavirus Support Boards