We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
Should Banks ask Security Questions?
Comments
-
Indeed, I don't have an issue with that principle, as I don't want them discussing my finances with potentially anyone who just happens to answer the phone.
But I also think it should work both ways, that they should be able to verify that they're a genuine caller from the bank too - with some sort of pass code or security phrase that I can verify with them. If they call, they're ringing a known and registered land line (in my case), but if it's a withheld call, I have no way of ascertaining that they're for real, other than to do what I have done and that is by ringing the bank on a published number and asking to be put through.
I don't disagree with you at all. An agreed phrase and/or security number that they have to give to identify themselves would make a lot of sense.0 -
I've suggested it several times over the years; over the phone, in branch and in writing, so they obviously don't think it's that sensible. Or maybe most customers aren't that concerned about it and just jabber away with their personal security stuff to anyone who calls, so it doesn't appear to be much of a concern to the bank in practical terms. Maybe they tried it and it was more trouble than it was worth. If it was an option, I'd certainly prefer to use it.ValiantSon wrote: »An agreed phrase and/or security number that they have to give to identify themselves would make a lot of sense.0 -
Indeed, I don't have an issue with that principle, as I don't want them discussing my finances with potentially anyone who just happens to answer the phone.
But I also think it should work both ways, that they should be able to verify that they're a genuine caller from the bank too - with some sort of pass code or security phrase that I can verify with them. If they call, they're ringing a known and registered land line (in my case), but if it's a withheld call, I have no way of ascertaining that they're for real, other than to do what I have done and that is by ringing the bank on a published number and asking to be put through.
Thats all fine and dandy until their system gets hacked, or even a corrupt ?ex? employee gets involved.
Calling them back on their number is really the only foolproof method.0 -
I think if their system got hacked or corrupted, someone knowing a phone passcode would worry me slightly less than other aspects of my account. You still have the option to ring back if you're not happy with the conversation.AnotherJoe wrote: »Thats all fine and dandy until their system gets hacked, or even a corrupt ?ex? employee gets involved.
Calling them back on their number is really the only foolproof method.
But whilst ringing back might be the safest option, but is also fraught with its own problems and hardly 'foolproof', in that finding the right person again can be nigh on impossible, especially when they're sometimes reluctant to give you a full name. An organisation the size of a bank employs a lot of 'Emmas'.0 -
AnotherJoe wrote: »Thats all fine and dandy until their system gets hacked, or even a corrupt ?ex? employee gets involved.
Calling them back on their number is really the only foolproof method.
The same applies with the security information that they hold that you have to provide answers to, which then gives the hacker access to your account without ever having to contact you.
No system is perfect.0 -
Neither have I - since I started responding to them by refusing to answer the questions and telling them to write to me at the address on file. Funny thing was - it was never an actual problem that I needed to know about urgently. I've since switched banks and both Halifax and TSB seem to have grasped the idea of using Internet Banking for a message.Turning this around, when the bank calls you, do they still have the effrontery to ask YOU security questions. I know they used to. I haven't had a call from a bank for a long time.I need to think of something new here...0 -
I am surprised that she was so condescending. I have done this in the past and phoned them back. I have inclusive calls and cost is not an issue but I can see how this could be.They did last time they rang me and she refused to give me her mother's maiden name and said I was being silly for suggesting she might be a con merchant sitting in the pub for all I knew, bearing in mind that she rang on a withheld number and wouldn't tell me even vaguely what it was about before asking the securely questions.
The withheld number is quite usual and displaying a known number is no guarantee of authenticity as I understand that any number can be displayed by a fraudulent caller0 -
Indeed, this is very much a current problem, with junk calls making up a random local number to display when calling. Much longer back in the past the displayed number was a reliable piece of information, not these days, hence the greater need for some other way of checking who is calling you.The withheld number is quite usual and displaying a known number is no guarantee of authenticity as I understand that any number can be displayed by a fraudulent caller0 -
ValiantSon wrote: »The same applies with the security information that they hold that you have to provide answers to, which then gives the hacker access to your account without ever having to contact you.
No system is perfect.
It doesn't work that way so the same doesn't apply.
The difference is that your security info is not made visible or accessible at any point to any bank employee (or at least it shouldnt be)
Thats why they ask you "what are the 3rd, 5th and 6th letters of your secret word" for example, so that the computer can do the comparison without the operator ever seeing your secret word in the clear. A hacker should not be able to access your info in the clear since it will be one-way encrypted.0 -
How does that work technically? I can see if you give the full word, it can be put through their encryption system and compared with the encrypted version they hold - if a match then you have given the right word. But how does it work if you only give 3 letters?0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 353.7K Banking & Borrowing
- 254.2K Reduce Debt & Boost Income
- 455.2K Spending & Discounts
- 246.8K Work, Benefits & Business
- 603.3K Mortgages, Homes & Bills
- 178.2K Life & Family
- 260.9K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards