Bank callback and security questions

xabi_a

A few times I tried to contact a bank about something, and they arranged for a specialist (e.g. certain type of mortgage) to call me back. The first thing the bank employee then does on the callback is ask me some security questions.

Is this acceptable? Am I supposed to give out security information to somebody who just called me? Even though I arranged a callback, in theory it could be anybody.

My real question is: if the banks are warning us about scams, should they actually be encouraging people to give security details to somebody who calls them (not the other way around)?

I find it strange but it happens again and again. Maybe I'm missing something?

Fluorescence

I often used to get this from Ulster Bank years ago. They would freeze my account for "suspicious activity" and then ring me to go through transactions to unlock it. However they'd off the bat start asking me security questions and they had called me! I used to just say, "Sorry, I don't feel comfortable answering these questions from an unverified number. Can I ring you back on a listed number instead for safety's sake?"

Never an issue but always was a headscratcher for sure!

Jim2007

xabi_a wrote: »

Is this acceptable? Am I supposed to give out security information to somebody who just called me? Even though I arranged a callback, in theory it could be anybody.

And what would have them do instead?

- Not bother trying to verify you, but continue to discuss your business, after all you could also be anyone....
- Call you call them back on another number, but you'll still have to be verified
- Refuse to do business with you over the phone and have you come into the branch instead....


And in any case most of the security verification questions are sufficient to verify you, but useless to any hacker.

lau1247

xabi_a wrote: »

A few times I tried to contact a bank about something, and they arranged for a specialist (e.g. certain type of mortgage) to call me back. The first thing the bank employee then does on the callback is ask me some security questions.

Is this acceptable? Am I supposed to give out security information to somebody who just called me? Even though I arranged a callback, in theory it could be anybody.

My real question is: if the banks are warning us about scams, should they actually be encouraging people to give security details to somebody who calls them (not the other way around)?

I find it strange but it happens again and again. Maybe I'm missing something?

Don't they normally start off with explaining the specific reason why they are calling.. i.e. in relation to your request about xyz....

Any of the one I got that they call back usually do.

xabi_a

Jim2007 wrote: »

And in any case most of the security verification questions are sufficient to verify you, but useless to any hacker.

If some hacker has my phone number and calls me and I give them my address, mother's maiden name etc then that's surely useful to them, no?

jimmycrackcorm

Jim2007 wrote: »

And what would have them do instead?

- Not bother trying to verify you, but continue to discuss your business, after all you could also be anyone....
- Call you call them back on another number, but you'll still have to be verified
- Refuse to do business with you over the phone and have you come into the branch instead....


And in any case most of the security verification questions are sufficient to verify you, but useless to any hacker.

A scammer who knows what security questions a bank will ask, can ring you up and you'll happily hand over the answers so that they can use those then when they pretend to be you ringing the bank...?

The problem is not doing the verification itself, but knowing for sure whether or not someone ringing you is actually calling from the bank.

Jim2007

xabi_a wrote: »

If some hacker has my phone number and calls me and I give them my address, mother's maiden name etc then that's surely useful to them, no?

To do what exactly? Your address, your mother maiden name etc are all a matter of public record. If a hacker needs that information there are easier ways for them get it laboriously make one call after another. And if they can’t figure out to do that, then they certainly won’t figure out how to hack a bank.

Jim2007

jimmycrackcorm wrote: »

The problem is not doing the verification itself, but knowing for sure whether or not someone ringing you is actually calling from the bank.

You can do exactly the same thing to verify them - ask them something only they would know and you know. They have access to your accounts so they should be able to:
- Tell you the balance on a certain account
- The amount of your last credit card payment
- The date and amount of your last mortgage payment

That is what I did.

Cameraman

Jim2007 wrote: »

You can do exactly the same thing to verify them - ask them something only they would know and you know. They have access to your accounts so they should be able to:
- Tell you the balance on a certain account
- The amount of your last credit card payment
- The date and amount of your last mortgage payment

That is what I did.

I've tried that in the past. They told me they could only do that when I was verified - Catch-22.

A simple way around this is to have a keyword/password associated with your account, supplied by you. They would have to confirm this to you before going through the security questions. This method isn't foolproof either, but is pretty straightforward and removes a lot of the risk.

xabi_a

Cameraman wrote: »

A simple way around this is to have a keyword/password associated with your account, supplied by you. They would have to confirm this to you before going through the security questions. This method isn't foolproof either, but is pretty straightforward and removes a lot of the risk.

Agreed. Or else, if they're offering a callback, they could give a one-off ID or password that they would then provide when they call.