Aqua's fraud prevention and security team, going beyond Aqua

Sensory

My card was blocked, and reasonably so. I hadn't used the card in a few months (full credit limit available), I recently updated my address using their iOS app, and then tried to put through a £105.00 transaction for theatre tickets online, having never previously used the card to do anything of the like. I surmised that the card had been blocked after the transaction failed three times (it was only the third error message that actually specified the card was declined).

The email address and phone number they had on record for me had not been changed, but I received no communication from Aqua. I had to call them myself. Naturally, I had to endure going through the usual automated systems confirming my details, holding, speaking to an advisor for a couple of seconds, only to be put through to the security team, holding again, then verbally re-verifying all of my details for security (including my existing email address), holding again, whilst they checked my account for a block. And then...

The security advisor confirmed that there was indeed a block, but "the system" would not provide further details unless I was put through additional security questions. Apparently these additional security questions are provided by Experian, involving my credit history beyond just the Aqua account. The advisor asked for my permission to acquire these questions from Experian (it wouldn't affect my credit), to which I agreed, because I was informed the alternative would involve having to post original identity documents to Aqua.

I actually failed to authenticate because "the system" could only accept the first answer given, and could not go back to previous questions. With vague questions like "in which month and year did you open one of your current accounts" and multiple choice answers of seemingly random month-year combinations, I wasn't exactly in the position to readily answer them all correctly. I have to try again, but must wait at least 24 hours before doing so, during which the card will remain blocked.

Now I've had other credit cards blocked before, but I've never had to go through such an arduous and convoluted process. It this now common practice? Could Aqua have not simply called the number they had on record for me, given that it hadn't been changed? It would take a very special set of circumstances for a fraudster to be able to update the address on my account AND have access to my phone or be able to receive calls to my phone number AND know my personal details, all WITHOUT me reporting that anything was wrong.

As for the initial ticket transaction, I immediately tried another (also seldom-used) credit card from a different provider, and it went through without a hitch. (I updated the address details for all of my cards within 24 hours.)

BlondBoy

It's becoming more frequent as an identity-verification process, I've found. That said, I've only encountered it online, not on the phone.

It's easier online, I think, because you can see the options. Taking them all onboard on the phone, while considering the question itself is much more tricky.

Think we'll see more and more of it though.

firsttimemover

Yes, I've experienced this recently too, not with Aqua, but another provider when opening an account.

The worst was applying for MSE's Credit Club, where the questions it gave could have multiple correct answers for me. "Which current account do you hold?" Lloyds Bank, Lloyds Bank Ltd. How am I supposed to know how it appears on Experian? Or Lloyds Bank, Santander, Barclays or First Direct were the options on another question. I actually have three of those...

I think if it is becoming the norm to use this for banking/credit cards, they need to sort out the questions and answers to make them less ambiguous. It's one thing not to be able to get a free Noddle or Experian score but something else when it is used to block your card or account!

GingerBob_3

Over the top security designed to protect the card supplier and not you. And, it potentially discloses information to the card supplier that they otherwise wouldn't have. Typical of Experian to come up with something like this. My answer to all of this buffoonery is to have a large number of credit cards, and if they ever pull such stunts I tell them to shove it and cancel the card - or just stop using it. It's happened once so far.

premierfella

The Halifax fraud team (so I suspect Lloyds, etc as well) also use the credit file questions, but its a system that really isn't as clever as it thinks it is.

If the honest account holder has to resort to opening up their credit file before making the call just so that they can answer what can sometimes be ridiculous questions that most customers would simply be guessing or giving rough estimates for, its clearly not a great system (i.e. asking for account opening dates, credit limits on obscure cards, etc). If you are lucky enough to get sensible questions (e.g. who is your mortgage provider, or even the "trick" question where they give you multiple choices where none of the answers are correct) the credit file check admittedly does actually work quite well.

Ben8282

Perhaps more to the point the majority of people would have no idea of the exact opening dates of very old accounts without having access to the credit report information. My Mum was not too long ago asked the opening date of her main current account. If I tell you that the name of the Prime Minister on the day she opened the account was Harold Macmillan, it will be clear why she could not answer the question
To some extent this looks like a new way of forcing people to access their credit reports (presumably with the hope that they will pay for such as service) simply to be able to answer such questions.
Another (trick?) question that I have been asked more than once is 'Which of the following people have you been financially associated with?'.
They then read out a list of names that I have never heard of except that one of the names is a very slight variation of my own name.
I give this answer and it is accepted as correct.


I agree that some security measures are over the top. Back in the summer I used a credit card online. The transaction value was small. I thought nothing more of it until the next day I tried to use the card to pay for a meal in a pub and it was declined. I then had to go through one of these question and answer sessions to get use of the card restored. I did mention that, even if the online transaction was somehow suspicious, there was no reason to believe that the card had been stolen or the PIN number compromised as I use this card daily and had reported nothing and could therefore not understand why they had found it necessary to totally block the card for chip/PIN use as a result of some vague suspicion concerning a pending online transaction. I did ask why they had made no attempt to contact me but she lied and said that they did not hold contact telephone numbers for me which was demonstrably false.