Don't ask me to confirm who I am!

[Inthebathagain]

Is it just me who can't get their head around a bank/company ringing you up from an unknown number, telling you who they are and expecting you to confirm your mother's maiden name/dob etc?

How do I know you are who YOU say you are?!

Wherever I point this out to the person on the end of the phone, they always tell me to put the phone down and ring the company line I find on the internet...which often gets you caught up in a queue of at least 30mins.

Surely there must be some way of them giving a little information and you confirming the rest of the information? Or some other way that I as a consumer can be happy that I'm not being scammed?

AIBU?

It might be a scam, but it isn’t necessarily. Banks ring people all the time and they will ask for security details. They are mindful that people might not want to answer and they will ask you to call back or I have had examples where they have had sort of reverse security checks, but I can’t explain that very clearly.

Not happy to go ahead? Thats fine, we will send a letter or you can call back. No need to be rude about it to the min wage person calling you because YOU didnt pay your sodding credit card,

No, nobody should be rude at all; but there's a massive difference between saying "You called me, so I'm not willing to give you my personal details, as I have no way of knowing if you are genuine or a scammer" and screaming at them to F-off.

I'm still shocked that banks seem to encourage/want people to have a default of trusting anybody who calls them claiming to be their bank and asking for their personal information, and then only having a Plan B in place for the security conscious ones who actively decline their unsecure methods.

Yep agree with you

I've had this and assumed it was a scam-but maybe not then!

There's a sense from some posters of 'winning' by refusing to speak to their bank and refusing to call them back which I find odd.

Of course you need to be careful but most calls from banks are for a reason. A reason that is for your benefit usually. It's to tell you there's suspected fraud on your account or because you've missed a payment or they need to check something. They're never going to ask you to read out a password on an outbound call and usually give part of an answer first.

I used to work for a bank where we made outbound calls for very good reason. Some people took absolute delight in outright refusing to answer even the most basic of questions (second part of postcode or month of birth for example). Some would refuse to confirm if they were [name]. They'd make a triumphant sound as they hung up. Winning.

They weren't quite so triumphant when they had to call back after several hours or days when they realised all their payments were being returned after I pressed the Inhibit Account button at the end of our unsuccessful call (procedure, not my choice out of malice).

I couldn't even count the number of people who had very serious repurcussions due to their own refusal to either speak to us or call back. Account inhibits, returned mortgage payments, fraud that took ages to sort, some actual account or loan closures as they also missed a letter.

You can scream into the void all you want about how they should have sent an email instead, but it's too late once xyz has happened. And you'll get nowhere with FOS either as they have no power to dictate banks' contact methods - attempted phone calls to warn of missed payment/fraud block/pending account closure/whatever are considered valid attempts - and if the customer refuses to engage with those attempts, the outcome is on them.

I have to ask but just name and one other piece of not sensitive info (don't work for a bank)
I tell people why I'm ringing straight away though as it's not sensitive info and if they then don't want to confirm anything it's fine

I tell people why I'm ringing straight away though as it's not sensitive info

That's not strictly true.

You could tell them you were calling from the complaints/insurance renewal/credit card team or whatever - which often gives a heavy hint.

But any more than that, you're breaking DPA. I'm calling about your credit card with us - breach. I'm calling about your missed payment - breach. You've just told an unidentified person that a relationship exists between Mrs June Thomas and Barclays Bank (or whoever).

Just tell them she's deaf, so please send a letter.

I used to work for a bank where we made outbound calls for very good reason. Some people took absolute delight in outright refusing to answer even the most basic of questions (second part of postcode or month of birth for example). Some would refuse to confirm if they were [name]. They'd make a triumphant sound as they hung up. Winning.

Fair enough if some of them were just cantankerous arses for the sake of it, that was a bit pointless; but how do you know that they hadn't already had half a dozen scam calls that day, which had already poisoned the well and drained every last bit of their goodwill and bonhomie?

They may be relatively innocuous questions, but if they're already in the mindset of 'everybody has just been calling me to try to scam me', they're likely to object to everything. I know that, when I have a definite/likely/possible scam or cold sales call, I don't want to engage with them at all.

They usually start off with a 'Good afternoon, and how are you on this fine day?' kind of faux-pleasantry - part of their playbook to try to get you on side so that they can start to reel you in. It also doesn't help that most banks will call you from overseas call centres - which is of course absolutely fine if it's genuine - but again, it's also a common marker of most scams, that they call from abroad, with a slight delay on the line and not having English as a first language.

I'm being deliberately vague but when I say where I'm calling from it would mean people know so I introduce myself and the name of where I'm calling from
Most people tend to answer the phone with their name which is all that I need to start talking!

Companies can't win though
We (not me) for example send emails, texts and ring people that say their car insurance is due. People think phone calls are a scam so won't confirm any details so we can't tell them and send email/letter instead
Then they say they don't want any correspondence
Then ring angry that their car insurance has expired and we haven't told them
Well we did try, then you said you didn't want any contact so...

At the end of the day, if I were to answer the security questions thinking it was the bank, and it did turn out to be a scammer, I know for a fact that the bank will try their hardest not to refund me if the scammer did take money out of the account. So I don't care how hard it makes their job or how frustrated they might be on the other end. I WILL NOT risk losing my money.

I can assure you NatWest fraud team do this. (Ooh, the irony!) I responded like the OP.

Exactly what I said up thread. If the worst did happen and the call was a scam you know you wouldn't be supported by the bank in getting your money back and they would be indignant that they could not help because you willing gave the information. At the end of the day the bank are not the ones who are going to be financially in the shit if you're scammed on a call you think is your bank so no matter how inconvenient it might be for those calling I can't see why the customer is in the wrong for saying they won't provide the details.

In a world that still struggles to send letters in large print, that's a challenge.

When you set up your banking you should have to set up a password that the bank says to you that means you know it's them..

"Hi Mrs 44....it's HSBC here, our key word on the account is "superstitious", if you're comfortable it's HSBC can we now take you through your security questions? After this call we will ask you to log on to your online banking and change your key word now it's been used"

Then I'd know it was them.

I work in a career that I have to go through these sorts of questions when I make a call. We're taught that with any sign of doubt to tell them they can check the number were calling from if its visible or they can call back the number on our website.

Its frustrating for us as well as you, but anything we tell the person is breaching data protection if we haven't gone through the security questions. I get that we've called you, but there's no saying that the number on the records could be incorrect, or not belong to the registered person but a family member.

You can be in a queue for half an hour, but I'd rather that than be scammed if there's doubt as to who has called.

I work in financial crime at a bank & I get the frustration but it is for good reason.

Firstly if you’re talking about calls that you completely aren’t expecting and have no idea about - 100% never give them your information and you are right not to answer.

However if you have asked your bank to phone you/contact you, are expecting a call back at a certain time etc - they literally cannot speak to you about your account or personal information without asking you those questions. If they don’t ask you they are breaking data protection laws. Typically this is 5 questions.

Imagine if someone got hold of your bank statement (delivered to wrong address, found outside) and they rang your bank to try and access your money or emailed them to give them a call. Your bank calls them and they can’t answer those 5 questions (name, address, DOB, account number, national insurance number) because they aren’t you - so your bank won’t speak to them. Imagine if the bank didn’t need to ask all of those questions. You’d be surprised how many fraud calls I have listened to that are very clever at trying to access someone’s account!

I get it’s annoying when it’s legitimately you but it’s for very good reason.

We're taught that with any sign of doubt to tell them they can check the number were calling from if its visible

It's ridiculously easy for criminals to spoof the number that they're calling from nowadays, though. They often spoof a random number for their scam calls and I always feel very sorry for the ordinary person who has that number, who probably then gets angry people calling them back and saying "Don't try to lie to me; I SAW your number come up on my caller display, you were trying to scam me" - when they genuinely don't have the faintest idea what the person is going on about.

I think, by way of analogy, this is a bit like approaching a child wandering through the street. Of course, if they are lost, you need to step in - but you also need to be aware that you are a stranger to them, and so they should be very cautious of you.

Of course, YOU know that you're just a concerned, innocent passer-by who wants to help a child get back home, but as far as the child knows, you could be a child abductor, abuser or worse; so ideally you would want them to be very hesitant indeed to open up and trust you - for their safety, not for your convenience or feelings.

But this is missing the point entirely.

I completely understand that the bank have to put the person who picks up the phone through a security procedure on their side to identify who they are speaking to.

The gigantic hole in the picture is the utter failure of the bank to realise that the person they are calling ALSO needs to put the bank through security, for the same reason.

It's not hard to come up with ways to do this. In fact, I do things like give a bank or other organisation a one-time codeword to use with me when they make a call that I am expecting. No codeword = they're just a scammer who hit lucky, like the "We're trying to deliver your parcel" scammers when you're expecting one.

Given the level of technological grief the bank has introduced for buying mundane groceries from high street supermarkets to be delivered to the known address of the card – multistep processes with PINs, one-time codes, etc – it's not beyond the wit of the bank to introduce a protocol for customers to security-check the bank when it calls.

The problem here is that the banks are simply unable to conceptualise that security is a two-way process. They're clearly in little castles of their own making, going, "Out there it's all baddies, but WE'RE THE GOOD GUYS."

(Obviously I am talking about the bods who set the procedures, before some bank employee starts up with "snot my fault." Yes. I know. It's still a problem; a problem being dumped by the bank ON ME. Please stop it.)

The problem here is that the banks are simply unable to conceptualise that security is a two-way process. They're clearly in little castles of their own making, going, "Out there it's all baddies, but WE'RE THE GOOD GUYS."

There are some parallels here with how a lot of ordinary people - especially women - now view the police.

Granted, for different reasons, as it isn't actual bank employees who are trying to scam you; but, as you say, it all comes back to the insistence that 'but WE KNOW we're legitimate, so THEY should be psychic and instinctively know that we aren't the baddies who will present in exactly the same way'.

I have failed security several times when called about my accounts - semi expected calls
No, off the top of my head, I don't have a clue what my account number the direct debit comes from is. I can get you close to the value of the last transaction, but nearest pound, not penny. I have no idea if your DD goes out on the 1st, 2nd or 3rd of the month (every single one goes on one of those three dates).
So, companies add questions that are less useful to a scammer, and block some genuine customers.
Its not straight forward to sort from either side.

...yes? Like I said, or fraud. Which if they needed to call you about it, there was something they wanted to check.

The gigantic hole in the picture is the utter failure of the bank to realise that the person they are calling ALSO needs to put the bank through security, for the same reason

The problem here is that the banks are simply unable to conceptualise that security is a two-way process. They're clearly in little castles of their own making, going, "Out there it's all baddies, but WE'RE THE GOOD GUYS."

Do you think that people that work in the bank don't have bank accounts of their own?

Honestly, I appreciate you don't like these processes, but this just makes you sound utterly dense. Banks have entire arms of their back office staff dealing with identification issues and reporting and preventing fraud. They are completely aware that most customers don't like this - which is why it's MASSIVELY scaled back now. Banks ALL have a way to opt out of marketing calls, and only calls where there is a fraud concern will generate an outbound call (or an appointment, which you'll be expecting anyway). There's no point having a number displayed because fraudsters can spoof them anyway. There's also no point spending £££ on outbound methods of ID&V when in the main, a customer can either call in or instigate an online chat to find out what the contact was for. If the agent who's called you is arsey, that's a them problem not a bankwide issue.

PS I'm not one of the poor frontline agents that will have to speak to you. But I do work for a bank, in change and governance. So this is something that is regularly talked about and looked at.

There is a whole area of debate about the asymmetry of power here. Companies that are quite happy to make you wait hours to answer that at the same time have an expectation that you jump to answer your phone at the drop of a hat.

If a banks "fraud prevention" is based on a customer immediately answering a call in real time, then maybe they need better processes.

If you do want to confirm the identity of a caller claiming to be from your bank (for example) the easiest way is to deliberately give them incorrect security details and see how they react. If they know they are incorrect, then they are probably the real McCoy. Of course if they don't know they are incorrect then (a) they are probably scammers, and (b) good luck trying to use that personal data to commit fraud.