NSI Barbaric security system

masonic

Possible I suppose that an error could have been made when originally setting up the answers, or the wrong account was pulled up during the call. Knowing which questions you used and being confident in the answers you provided will help navigate such a situation.

incus432

Cathygpie said:

 I could not seem to get any of them right, what is the name of eldest child, grandmothers name. ALL WRONG.

You don't know the name of your eldest child???

oldernonethewiser

incus432 said:

Cathygpie said:

 I could not seem to get any of them right, what is the name of eldest child, grandmothers name. ALL WRONG.

You don't know the name of your eldest child???

No - the OP doesn't know the answer to the question.  The name used may not be the name of the eldest child, as already explained in previous posts.

Eyeful

oldernonethewiser said:

incus432 said:

Cathygpie said:

 I could not seem to get any of them right, what is the name of eldest child, grandmothers name. ALL WRONG.

You don't know the name of your eldest child???

No - the OP doesn't know the answer to the question.  The name used may not be the name of the eldest child, as already explained in previous posts.

 They only ask questions of that type that you have supplied  an answer to. Otherwise how would they expect you to pass their security check when asked? The OP should have kept a record of what they told them as answers to their questions. 

Kim_13

friolento said:

Kim_13 said:

Cathygpie said:

Appreciate your help. Why do they tell me I got basic details wrong, name of children etc. 

Happened to a relative of mine. She would not have selected the children question as she doesn’t have any, but was asked how many children she had. They said 0 was the wrong answer.

She would have selected this question at account set-up, and given an answer to it. As mentioned, the questions and answers don't have to be factual, and it is in fact smart not to register factual information for this purpose. Like others, your relative appears to hev forgotten what she had initially set up. Please do recommend the use of a password manager to her.

Usually I would agree, but if she was going to make up answers to questions to make them more secure, she would have chosen a subject less hurtful than the children one.

I use a password manager myself and have more than once had websites reject the entry as wrong.

I don’t think any system is immune from making a mistake, but of course NS&I will need to follow a secure procedure to reset the details when that happens.

TheBanker

I've created a whole fictitious life for answering these questions.

I did this because my experience working in banking tells me that a lot of fraud attempts are not random strangers. Some fraud is committed by people who know the victim - they might not know them well, they might be friends of friends or old work contacts - but they know enough to answer questions like names of children. Things like which school you went to can often be worked out through social media profiles. Even if your social settings are private they could access the information by compromising someone else's account. And, these days, an awful lot of fraud is perpurtated by socially engineering the victim. Details like names of children, names of childhood pets, first car owned could be obtained through general conversation.

I think there was a scam a while ago where one of those seemingly harmless Facebook quizes (answer these questions to find your rock-star name type thing) was harvesting this kind of information.

The problem is that my fictional childhood and family are far more intesesting that the real ones, so I get envious of fictional me!

Olinda99

The particular dangerous one is mother's maiden name - in my opinion you should never use the real one.

Kim_13

Olinda99 said:

The particular dangerous one is mother's maiden name - in my opinion you should never use the real one.

Agreed - obtainable from birth records - and if someone has their mother’s name, the real answer is the same as their own name!

An adoptee could - the birth mother’s maiden name should be safe enough unless details were put onto the internet during a search. 

Section62

Olinda99 said:

The particular dangerous one is mother's maiden name - in my opinion you should never use the real one.

Agreed.  The FCA should tell the organisations still using mmn to stop doing so without delay.... and maybe take a closer look at other aspects of those institution's security arrangements.

If a bank insists on using mmn then I give them a different word... then finding myself having to explain to call centre staff why my 'mothers maiden name' isn't a female name.

boingy

"Barbaric" is an awfully strong word, although we have also had a somewhat less than efficient experience of NS&I's security. My wife was not able to login one day. She is certain she was using the correct credentials but it would not accept them so she rang them and they said "we'll have to send you new stuff in the post". They did so but it took over three weeks, which is a very NS&I type of timeframe.