📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Should Banks ask Security Questions?

13

Comments

  • ValiantSon
    ValiantSon Posts: 2,586 Forumite
    BooJewels wrote: »
    Indeed, I don't have an issue with that principle, as I don't want them discussing my finances with potentially anyone who just happens to answer the phone.

    But I also think it should work both ways, that they should be able to verify that they're a genuine caller from the bank too - with some sort of pass code or security phrase that I can verify with them. If they call, they're ringing a known and registered land line (in my case), but if it's a withheld call, I have no way of ascertaining that they're for real, other than to do what I have done and that is by ringing the bank on a published number and asking to be put through.

    I don't disagree with you at all. An agreed phrase and/or security number that they have to give to identify themselves would make a lot of sense.
  • BooJewels
    BooJewels Posts: 3,006 Forumite
    Part of the Furniture 1,000 Posts Photogenic Name Dropper
    ValiantSon wrote: »
    An agreed phrase and/or security number that they have to give to identify themselves would make a lot of sense.
    I've suggested it several times over the years; over the phone, in branch and in writing, so they obviously don't think it's that sensible. Or maybe most customers aren't that concerned about it and just jabber away with their personal security stuff to anyone who calls, so it doesn't appear to be much of a concern to the bank in practical terms. Maybe they tried it and it was more trouble than it was worth. If it was an option, I'd certainly prefer to use it.
  • AnotherJoe
    AnotherJoe Posts: 19,622 Forumite
    10,000 Posts Fifth Anniversary Name Dropper Photogenic
    BooJewels wrote: »
    Indeed, I don't have an issue with that principle, as I don't want them discussing my finances with potentially anyone who just happens to answer the phone.

    But I also think it should work both ways, that they should be able to verify that they're a genuine caller from the bank too - with some sort of pass code or security phrase that I can verify with them. If they call, they're ringing a known and registered land line (in my case), but if it's a withheld call, I have no way of ascertaining that they're for real, other than to do what I have done and that is by ringing the bank on a published number and asking to be put through.

    Thats all fine and dandy until their system gets hacked, or even a corrupt ?ex? employee gets involved.

    Calling them back on their number is really the only foolproof method.
  • BooJewels
    BooJewels Posts: 3,006 Forumite
    Part of the Furniture 1,000 Posts Photogenic Name Dropper
    AnotherJoe wrote: »
    Thats all fine and dandy until their system gets hacked, or even a corrupt ?ex? employee gets involved.

    Calling them back on their number is really the only foolproof method.
    I think if their system got hacked or corrupted, someone knowing a phone passcode would worry me slightly less than other aspects of my account. You still have the option to ring back if you're not happy with the conversation.

    But whilst ringing back might be the safest option, but is also fraught with its own problems and hardly 'foolproof', in that finding the right person again can be nigh on impossible, especially when they're sometimes reluctant to give you a full name. An organisation the size of a bank employs a lot of 'Emmas'.
  • ValiantSon
    ValiantSon Posts: 2,586 Forumite
    AnotherJoe wrote: »
    Thats all fine and dandy until their system gets hacked, or even a corrupt ?ex? employee gets involved.

    Calling them back on their number is really the only foolproof method.

    The same applies with the security information that they hold that you have to provide answers to, which then gives the hacker access to your account without ever having to contact you.

    No system is perfect.
  • NBLondon
    NBLondon Posts: 5,707 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Photogenic
    tenchy wrote: »
    Turning this around, when the bank calls you, do they still have the effrontery to ask YOU security questions. I know they used to. I haven't had a call from a bank for a long time.
    Neither have I - since I started responding to them by refusing to answer the questions and telling them to write to me at the address on file. Funny thing was - it was never an actual problem that I needed to know about urgently. I've since switched banks and both Halifax and TSB seem to have grasped the idea of using Internet Banking for a message.
    I need to think of something new here...
  • RG2015
    RG2015 Posts: 6,064 Forumite
    Ninth Anniversary 1,000 Posts Name Dropper Photogenic
    BooJewels wrote: »
    They did last time they rang me and she refused to give me her mother's maiden name and said I was being silly for suggesting she might be a con merchant sitting in the pub for all I knew, bearing in mind that she rang on a withheld number and wouldn't tell me even vaguely what it was about before asking the securely questions.
    I am surprised that she was so condescending. I have done this in the past and phoned them back. I have inclusive calls and cost is not an issue but I can see how this could be.

    The withheld number is quite usual and displaying a known number is no guarantee of authenticity as I understand that any number can be displayed by a fraudulent caller
  • BooJewels
    BooJewels Posts: 3,006 Forumite
    Part of the Furniture 1,000 Posts Photogenic Name Dropper
    RG2015 wrote: »
    The withheld number is quite usual and displaying a known number is no guarantee of authenticity as I understand that any number can be displayed by a fraudulent caller
    Indeed, this is very much a current problem, with junk calls making up a random local number to display when calling. Much longer back in the past the displayed number was a reliable piece of information, not these days, hence the greater need for some other way of checking who is calling you.
  • AnotherJoe
    AnotherJoe Posts: 19,622 Forumite
    10,000 Posts Fifth Anniversary Name Dropper Photogenic
    ValiantSon wrote: »
    The same applies with the security information that they hold that you have to provide answers to, which then gives the hacker access to your account without ever having to contact you.

    No system is perfect.

    It doesn't work that way so the same doesn't apply.

    The difference is that your security info is not made visible or accessible at any point to any bank employee (or at least it shouldnt be)

    Thats why they ask you "what are the 3rd, 5th and 6th letters of your secret word" for example, so that the computer can do the comparison without the operator ever seeing your secret word in the clear. A hacker should not be able to access your info in the clear since it will be one-way encrypted.
  • 18cc
    18cc Posts: 2,120 Forumite
    How does that work technically? I can see if you give the full word, it can be put through their encryption system and compared with the encrypted version they hold - if a match then you have given the right word. But how does it work if you only give 3 letters?
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 351.6K Banking & Borrowing
  • 253.3K Reduce Debt & Boost Income
  • 453.9K Spending & Discounts
  • 244.6K Work, Benefits & Business
  • 599.9K Mortgages, Homes & Bills
  • 177.2K Life & Family
  • 258.2K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.2K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture