Don't ask me to confirm who I am!

[Inthebathagain]

Is it just me who can't get their head around a bank/company ringing you up from an unknown number, telling you who they are and expecting you to confirm your mother's maiden name/dob etc?

How do I know you are who YOU say you are?!

Wherever I point this out to the person on the end of the phone, they always tell me to put the phone down and ring the company line I find on the internet...which often gets you caught up in a queue of at least 30mins.

Surely there must be some way of them giving a little information and you confirming the rest of the information? Or some other way that I as a consumer can be happy that I'm not being scammed?

AIBU?

I find the whole security thing infuriating.

I recently set up a new bank account. To log on I need 5 separate pieces of information (customer number, ID number, password, pin etc. Not chosen by me so impossible to make "memorable " ) PLUS a card PLUS a card reader. Logging on takes about 5 different steps including scanning a QR code on screen with the card reader.

It's not an account I'll access regularly. No chance of remembering all the codes and numbers.
So I've written them all down. Ridiculous and the opposite of what I know I should be doing. But what the hell else am I supposed to do?

Always always hang up and phone the number of your bank directly, they don't really call and if they do they'll know what it was about when you phone back.

It's not an account I'll access regularly. No chance of remembering all the codes and numbers.
So I've written them all down. Ridiculous and the opposite of what I know I should be doing. But what the hell else am I supposed to do?

Absolutely nothing wrong with writing down passwords. It's how carefully you look after the piece of paper that then becomes important.

<bashes head repeatedly against wall>

The person sounding dense here is you!

It's nothing whatever, at all, even a little bit, to do with whether I, personally, like or dislike a process. The problem here is that the banks are training customers to do something fundamentally insecure.

A person is sitting minding their own business, when the phone rings and a strange voice says, "This is your bank. Please give me the following data used to establish your identity to banks."

According to the bank's thinking, the recipient in this situation should now give their identity data to the unknown incoming caller – to do with what they will.

Yes or no?

Obviously for the customer's security, the answer is No. Therefore the bank shouldn't expect them to. Shouldn't tell them to. Shouldn't have to manage not to get arsey because... they shouldn't be asking for the information in the first place.

If the security procedure the bank would prefer is that the recipient should put the phone down (and make a test call to ensure the line really has disconnected, because that's another scam) and call in to the published bank number THEN THAT IS WHAT THE INCOMING CALLER SHOULD INSTRUCT IN THE FIRST PLACE. Not encourage the person they're calling to do something fundamentally insecure, but then "permit" them to act more securely by calling back.

This is what I mean by banks' refusal to conceptualise that security is two-way.

Or, you know, I could just believe the banks are deliberately doing something they know full well is insecure for the customer but is more convenient for the bank, if you prefer? That they understand full well, but plan that the customer will bear the loss come the day that call is from a scammer, therefore from the bank's point of view this isn't a problem?

I am very unco-operative when they do this to me.

They just get told to write or email me if it's important and that I am not divulging any personal information over the phone.

Never hear from them again so it's probably just a sales call.

Haven't read the whole thread but are banks aware of the increasing number of people who have Alzheimer's or other kinds of cognitive decline? My dad was targeted by scammers last year, they got bloody close to emptying his account. How on earth is my 80-something dad with brain disease supposed to parse the sophisticated nuance of 'personal but not identifying' FFS?

Although tbh the way high street banks just do not give the tiniest fuck about customers with Alzheimer's is a whole other thread.

Yes I get annoyed with this as well. I refuse to do it and tell them to put it in writing if it's important. They rarely do so I assume they're mostly trying to sell me stuff.

My doctor did it today! And I said my name and he said "I've phoned the wrong person! I thought you were XX"

😂 it was a good job he asked!

Banks on the other hand are arses for doing this.

I think some people on this thread are seriously lacking in theory of mind.

Stuff along the lines of: "We, the bank, will only call you if it's important, so you really ought to take our call."

If we knew it was you calling, then we would take the call!

But scammers lie and say they are the bank, too.

So from the state of knowledge of the call recipient, this might be a scammer or it might be the bank, we can't tell.

My bank, First Direct, an arm of HSBC did this once. I told them they had rung me, so it was up to them to prove their identity. I hung up.

two minutes later I got a text on my mobile, saying they were the fraud department of the bank (and approved of my reluctance to answer any of their questions). They said my debit card had been used in this country at a supermarket, could I confirm that was me? I saw no harm in confirming.

they then asked if I had the card in my possession and was I currently in my home?

Again, I saw no harm, so confirmed both. They then said someone in New York had tried to use my card in an Apple store, 20 minutes after I'd used it in this country. They advised me to change all my passwords on my computer and they'd cancelled current card and send replacement.

It really was my bank, and they saved me from a whole sea of shit.

But even they, the fraud department, thought it was ok for me to refuse to confirm any personal information on my land line.

Exactly. I love that the customer is to blame and some posters sound almost gleeful that not taking these calls has led to the customers having accounts closed etc when the customer is literally doing exactly what banks tell them to do to ensure their information is not used by scammers.

A scammer calling is going to say they are the bank and they need to discuss a serious issue but cannot proceed until the customer gives the personal information.

A bank calling is going to say they are the bank and they need to discuss a serious issue but cannot proceed until the customer gives the personal information.

Apparently customers are meant to be psychic and know which is the scammer and which is actually the bloody bank and they are at fault for even daring to be suspicious...

Oh don't they just! My card was busy in NYC whilst I'd just used it to cross the Severn bridge.

I had 4 calls from "Nat West" but they sounded so scammy that I hung up. After the 4th call I did wonder and googled the number. Some sites said it was genuine, others that it was a scam. Eventually I found it buried deep on a Nat West site page so rang them back.

Even so and after the conversation I wasn't 100% sure I had done the right thing as the woman I spoke to really didn't sound genuine.... although as it happened she was.

HMRC called me at work to discuss the business tax account. They had about 16 security questions including all random ones like who was the finance manager before me (who tf would I know it was pre-me!) So they said i failed security. They asked me to call them back the following day. I refused. I said you want ti talk to me. I don't want to talk to you. You either tell me what you want or you can write to me. Argued about it for a further 5 minutes before I hung up on them.

It's a scam. Happens with "phone companies" too.

That's the whole point though it often isn't a scam it genuinely is the bank or phone company calling but us mere mortals are expected to know which ones are scams and which ones are genuine.

Years ago they did and I would never comply.

It hasn't happened for well over 10 years. There are still a few things I find questionable but this is not one that has happened for me for at least 10 years

And this is why I started the thread. This is a good solution to the problem.

Bank rings customer. Bank then confirms it's the bank via a verified channel. Customer is then safe to share personal details. Everyone protected and verified.

Good on FD

Agreed, OP.

And this quick-response work from the fraud team could be backed up by a requirement for the customer to call into the published phone number at a convenient time, spend the usual 30 mins queueing, pass bank security and confirm that the fraud team had indeed talking to the right person.

And meanwhile the account is secure from further fraudulent spending until this happens.

I agree - I hate when people call me and then start asking me to verify my information. I understand why, from a security POV, that they might need to confirm they're speaking to the correct person before revealing information but when they don't even identify themselves/the company clearly first then I am not telling them anything and I refuse to waste my time calling them back and waiting in a queue to speak to someone only to find out that they were calling me to tell me that my phone contract is due for renewal and they want to offer me an upgrade, as per the email, letter and text I had already received.

I prefer how my old Housing Association dealt with it - you had to have a "memorable word" of a minimum of 8 letters and a memorable year (that couldn't be your DOB) and then every time they called they would ask you to confirm your name, post code and a combination of two letters/numbers from your word and/or number to verify your identity. That word and number could be anything and you could change it as often or as little as you liked, but to do so you had to jump through 101 hoops on the website (so you were the one to go to the website and volunteer your information, knowing it's the official channel) so your info was safe.

Additionally because there were so many potential combinations of letters/numbers they could ask for from an 8 letter word and 4 digit number it would have taken scammers ages to get all of the letters/numbers in order to work out your passcode, and they did advise that you changed the word/number periodically to prevent any security issues, so it was infinity more secure than having to give out the usual "security question" answers (which are always the same themes - pet names, schools and parents names, favourite Xs)

They also had a "password" set up for any contractors they sent out - you would set a passcode in your account (again, you could change it whenever you wanted via your account) and when they sent the contractor out if you weren't sure if they were legit or wanted to check for any kind of safety reason you could also ask them to confirm your password and they should know it, and if they didn't then they knew how to access the information, before you let them in to your property.

Why are they ringing you? Been with HSBC years and do everything online so I'd think it was a scam if someone phoned saying they were from the bank.

This happens. My view is that this represents bad training or lack of training for bank staff.

The advice from the Information Commissioner's Office is quite clear. Never disclose personal details on an incoming call unless you know the person who is calling you. There are scams which may prevent you hanging up on the caller as well. So not only should you call back to an officially published number, if possible you should do it from a different phone as well.

The con men can also make it seem like they hung up, to allow you to dial the bank directly, and then answer it themselves again when you dial out. So use a different phone if you do this or dial your mum first to prove you have got a proper line.

And yes it's annoying and I don't give them the info, the last guy I said, 'how do I know who you are' and he just laughed, I think we both knew we were who we said. He told me in general terms what the concern was and I told him it was fine.

Funny enough I had this exact discussion with John Lewis of all companies. Their exact response was in a tone of outrage: But we’re John Lewis! You know you can trust us! They were terribly offended when I said, actually, no I don’t trust you.

HSBC do this too. Infuriating.

Exactly.

I might know I can trust John Lewis.

But I don't know you are John Lewis. You could be someone else, lying.

And given they want to put you through their security, the whole premise of which is that you might someone else, lying, it's a bit rich when they can't see the symmetry.

Stuff along the lines of: "We, the bank, will only call you if it's important, so you really ought to take our call."

If we knew it was you calling, then we would take the call!

But scammers lie and say they are the bank, too.

It doesn't seem to quite compute with some people, does it?! The banks can have the world's finest anti-fraud teams in their back office along with the most powerful security software; but if some bloke in a basement decides to call you and claim that he is your bank, all of that amazing stuff won't do you the slightest bit of good!

I think that this might be a bit like when you know somebody very well, but you don't know that they are an identical twin; and then, when you bump into their twin in town and they (quite reasonably) act like they have no idea who you are, getting angry and offended at why such a supposedly good friend would just blank you and lie to you like that!