to think that when they cold-call, Virgin should be giving me a password not asking for one

[ontosecondary]

I just got a call from an 0845 number on my mobile. The caller explained that he was from Virgin mobile and asked if I had a minute to check if I was on the best account.

Then he asked for my password. I said "given that I can't see who you really are, shouldn't you be giving me a password?"

He said: "I see your point but there's nothing I can do about that".

I said: "ok, I see, well just send me an email."

He said: "well, I am from Virgin, we don't do emails, so what's the worst that could happen if you give me your password?"

I said: "well, I suppose if I was a baddie pretending to be from Virgin, I would ask for the password, then, when the recipient of the cold call couldn't remember it, I would ask for their mother's maiden name, other phone numbers, name, address and other personal data."

He said:"oh well, thanks for your time anyway" and ended the call.

I feel a letter to Richard Branson coming on, though it will never be as good as the one about the aeroplane meals from a few years back.

Would it not be reasonable for Virgin to - at the very least - arrange for their caller ID to show up on my virgin phone to talk about my virgin account?

I know this is common practice but AIBU to think it is a bit bonkers?

Terracotta, my bank emails or texts me asking me to call them if they need to speak to me. Works fine.

How do you suggest a bank identifies itself without breaching DPA?

I get this from 3! And it really annoys me, they act like I'm being unreasonable not giving out my personal info to a random caller. Then they say I should call them back, why would I waste my time when they are trying to sell me something.

That's great IfNot - but the majority of people ignore texts and emails. And sometimes the bank really will need to speak to you urgently.

You can ask the bank "what year did I open my account?"

How many accounts do I have with you?

What are the second and fourth digits of my account number?

What is the address of my bank branch? Are you calling from that branch? What is the shop next to it?

That's usually how you know, if they can't answer your questions. My fake caller couldn't tell me whether I had more then one phone with them (I have a second work one) or the number of the second line whereas my company always say to me 'i'm calling about this line' or 'line/s X and/or Y'.

PigletJohn - I work for a bank, and wouldn't be able to answer any of those questions.

The first step to a fraudster gaining your details is establishing which bank you hold accounts for.

At the bank where I work, we can't disclose that there is any existing relationship with the person we are calling, until they verify themselves. Or divulge which department we are calling from.

Terracotta, you've completely misunderstood the post you quoted.

1 Bank writes to customer:"how would you like us to identify ourselves when we call you?".
2 Customer writes back: "use the code word Squiggles".
3 Bank has reason to call customer. Bank says hello, can we discuss your account?
4 customer says ok, how do I know it is you?
5 bank says " Our code-word is Squiggles". I'll take you theough security now. What is your password?
6 Customer says "my password is Terracotta".
Conversation then continues.

OP, why are you writing to Richard Branson? It seems to me that there's an excellent chance that this caller wasn't from Virgin at all.

That's a point Icimoi.
I will leave the poor bloke alone :)

Terracotta

You appear to be saying that the bank you work for effectively tells its customers:

"If you receive an anonymous phone call from someone you do not know, do not try to confirm their identity, just tell them whatever security information and banking details they ask for."

Which is highly irresponsible.

Piglet,

One might think that these organisations betray a certain arrogance in choosing to "train" their staff in this way.....

Though to be fair Piglet, I can see that the questions you proposed don't work as person who has nicked your phone could ask those too.

My questions enable the customer to identify the bank.

The bank also has to identify the customer.

Both parties have to identify themselves.

Yes piglet I'm with you there, but can you see the stolen phone problem?

The squiggles device overcomes this.

To put it another way piglet, the bank should identify itself using non-personal data chosen in advance by the parties.

When the bank used to call and say "can I take you through security?" My ex used to say "No, I will take YOU through security, after all you called me, you could be anyone, couldn't you?" It still makes me smirk when I think of it, which is nice because I don't have that much to smile about with regards to him.

in correspondence with my bank they have asked me to provide a password of sorts in writing, then quoted it to me during telephones calls

Well I don't know who you bank with but if it were me I'd move. Banks, mobile phone companies etc should never quote your password. What they do is ask for 2 or 3 random characters which will match (or not match) with what the computer has stored when they insert them.

I've not sure if the person you speak to even knows the password or whether they simply fill in the characters the computer requests which,if correct, will allow them to proceed.

Yes Phaedra I see your point.
It was not with regard to my account, but another matter, and it kind of worked like the squiggles system explained above.

Well it would be unreasonable to write to richard branson as he doesnt own virgin media.

Terracotta is correct in what s/he is saying. I totally agree with piglet though, in that both parties should id themselves, not just the customer.

I work in a building society branch, and we do out bound calling (sales cold calling) to our existing customers, basically to attempt to generate additional business from them (ie calling a current account customer to ask them if they would like a home insurance quote)

I have never ever been comfortable doing this, for many reasons, but mainly as the first thing we do, before explaining the reason for the call is go through the security questions. This is so that we make sure we are speaking to the customer before confirming they have accounts with us.

If I were to receive a call like this I would be livid that I was made to go through my personal details just to receive a sales call.

I used to spend a lot of time shuffling paper when I was supposed to be doing this and funnily enough got a lot of "no answer"s

Phaedra the password the bank would provide you (Squiggles) is not the same as that which you quote specified letters of to them - so they would also say "hi I'm from Acme Bank Inc, the first and third letters of our security password are S and U: can I take you through your security details please?)

If a cold call asks for a PASSWORD, surely they are trying to steal your identity?