Security questions by Barclays staff on incoming calls

This is becoming more and more common. I have the same issue with several organisations that I deal with, including financial orgs. I ask for the individual's name, and their main switchboard number. I then say I'll call them back.

I then call directory enquiries, and verify the number is valid for the organisation. Then I call them back, through the switchboard, asking for the person by name (not extension). In some cases, where it's been unsolicited, I've gone to their HR department and verified the person works for them.

Hassle, but it's, IMO, the price to protect my personal data.

Ian

Allan Gould wrote:

As a matter of interest, what do you mean by largeish? More than £10k? £30k? £100k? £300k? It'd be interesting to know at what sort of levels they will attempt to do this kind of double-checking.

Having accepted it, that should have been the end of it, unless there was genuine and serious doubt in the bank's (your branch staff's) mind about the genuineness of your instructions.

How stupid. They already had all the details in writing. What they meant, presumably, was that they wished to confirm that the instructions were really yours.

Well, I would have been. If written signed instructions are taken in

*personally* to the branch, that should have been enough. They will, by then, no doubt, at least have verified your signature.

I'd share your reluctance to disclose these details to a random caller.

On the other hand, even though *they* rang *you*, it still doesn't mean that the person who picked up the phone really is you. Could have been the brother-in-law (who could well know your date of birth and mother's name in any case) or the butler or the fraudster. And the fraudster could well be the butler or brother in law. That's why they need to verify your identity just the same as if you had rung them.

Agreed.

Indeed, more cause for concern.

Worrying.

That's right, you tell'em! And what's more, tell'em they already have your signed instructions in writing, and that you expect them to act on them, and will hold them liable for the millions you'll lose if the megadeal falls through as a result of the funds not getting there on time.

I have had their forex department (Basingstoke based for us) call me for

a £1K xfer - even though all the paperwork was completed in the branch

and proof of ID was produced in the branch. However they didn't take me

through security - they wanted to check a couple of the IBAN characters.

This was done by "trading data" with each other - which seemed secure enough to me.

I wonder if you would be so 'high and mighty' if a substantial amount had dissapeared from your account without your authority and Barclays had not made a call to you to check the details. Eric

>

"Eric Jones" wrote

Amazing! What an incredibly ignorant reply to a valid concern!

The OP wasn't even complaining about having to confirm the details, and certainly didn't say that he wouldn't confirm the details **to Barclays**. He just didn't want to divulge sensitive security data to an unknown person, calling from a *witheld* number. If the caller could have proved to his satisfaction that they *were* from Barclays, then I'm sure the OP would not have had any concerns.

Surely you're not suggesting that people should give away their security details, to just about anyone that happens to call up and ask for them "nicely"?!

[snip]

Thanks for the confirmation Tim. You took the words right off my keyboard.

I hadn't intended to be high and mighty, but there's no way of telling how others perceive what one has written. Apologies to other readers if the item appeared as described: it was not the intention. I had no complaint with the staff (local or Manchester) at all: they were all very helpful, friendly and efficient. It's just the procedures, and no doubt they are handed down from somewhere remote high up the chain.

Allan

I had a call from RBS CC. The display said it was an overseas call. They wanted me to give my date of birth which I refused. They offered to give me the month if I gave them the day. I didn't as was under the impression it was a sales call. I heard nothing more.

I may be a ignorant bank clerk but believe me for every one of me there are hundreds of stupid people like you complaining about 'I never authorised that payment why did you not check with me first?' and I want my money back NOW - what sir before we get a chance to investigate - no chance sir. Eric

>

"Eric Jones" wrote

That's very naive. Have you never heard of fraudsters? They call up people asking for security details by *pretending* to be from a bank. But if you just happen to have just instructed a real payment earlier that day, and get such a call - how do you know that the call is actually from the bank and not one of the fraudsters?

"Eric Jones" wrote

The call could be for either of the following purposes :- (1) The bank trying to stop a fraudulent transaction; or (2) A fraudster attempting to start a fraud.

If (2), well yes - it *would* "serve the purpose" of giving security details to a fraudster if the accountholder *did* divulge their details! [In case you really don't realise, that would be "BAD"!!]

"Eric Jones" wrote

...OK...

"Eric Jones" wrote

Do you *really* think that it is "stupid" to be careful with your security details? Don't they teach you at "ignorant bank clerk school" nowadays that accountholders should be encouraged *NOT* to divulge their security details to STRANGERS?

"Eric Jones" wrote

Which bits of mine and the OP's posts did you actually *read* ? When will you notice that we are *not* complaining about confirming details to the bank - we're quite happy to confirm **to the bank** (well, all except Ronald!).

But - do you think that we should accept someone's word who calls us, on a "withheld" number, saying that they are the bank without any further proof that they are? If we did, wouldn't we end up giving our security details to the fraudsters when they call??

When I transfer money from Holland to the UK I usually fax them and include my telephone number and I get a call to confirm the transaction. But I do not get asked for my DOB or other such information.

Axel

Eh?

"Ronald Raygun" wrote

From earlier :-

"Ronald Raygun" wrote

Ah, OK. It's a good line to spin to a potential fraudster. It's also a good line to spin to a bank which acts in a manner you would expect from a fraudster.

No, but seriously: Why should one need to confirm "details" when they already have them all (unless there is an obvious ambiguity, e.g. illegible payee account number etc). At issue, if the call is genuinely from the bank, would really only be confirmation of authority, not of details, especially when one has already visited the branch in person, where any possible concerns over genuineness should have been dealt with there and then instead of later on by some remote faceless processing centre.

Also, why should the need to "confirm details" be greater for same-day transfers than for cheques? You don't normally get the bank ringing you up to ask whether you really did want them to pay this cheque for £20k, do you?

"Ronald Raygun" wrote

Tee hee!

"Ronald Raygun" wrote

Totally agreed - but presumably the bank staff (which they use these days) don't understand the difference between the two? :-(

"Ronald Raygun" wrote

I did, when I bought some premium bonds! [OK, so it wasn't exactly 20K - but it was of that order. Also, the phone call was the morning after the cheque had already appeared on internet banking as having been debited from my a/c! The bank caller said they had until midday to reverse the cheque...]

I has a call once from claiming the security department of a credit card company, which asked me to confirm my name, DOB, etc, and to give them 2 digits of my security code used for online and telephone banking. Despite working in the security department, she did not understand that when she calls me *she* needs to prove her identity first. She just kept repeating that it is only two digits, so she would not be able to make transactions on my account, whereas, for example, she could have been taking part in a man-in-the-middle attack, with an accomplice on the phone to the bank pretending to me and she could have been relaying the questions to me. Or she might have called another time asking for the other 2 digits. There aren't really so many ways of choosing 2 digits out 4, so even knowing 2 out 4 gives a fraudster a 1in 6 chance.

I suggested that she send me a secure message through online banking, but she said she was not allowed to do that.

As a minimum, banks should have passwords on the accounts, and if someone claiming to be from the bank phones you, they should have to give random letters from the password to authenticate themselves.

Did she say why she should make any transactions on your account?

Well, if an accomplice calls you independently, on a different occasion a week or two later, and asks you again for two "random" digits, but they just happen to be *the other two*, then they have it all.

In message , Allan Gould writes

I agree with you, this annoys me too.

There is an answer to it which I have devised but have not yet had the chance to put it into practice but will do so on the next occasion and will report back.

This is my proposed response to a request from an unsolicited caller claiming to be from my bank or CC company in which they ask me for some personal details

"As I do not know for sure that you are my bank and as you have told me in writing not to divulge my personal information to anybody else, I am going to answer your questions but to some of the questions I may deliberately give a wrong answer and to some of them I may give the correct answer.

If you correctly identify those answers which are wrong, by merely saying after you have asked all the questions and I have answered them e.g. 'question 3 was wrong' I will then tell you the right answers to the questions I deliberately gave wrong answers to. Please note that I may give all right answers or I may give all wrong answers. If you cant tell me which questions I got wrong then I wont speak to you any further and if you are that gang of telephone fraudsters known to Inspector Knacker and his men as Mr R Raygun (and his trusty sidekick 'Tim'), you wont know which ones were right and which were wrong and my info wont be any good to you"

In message , Ronald Raygun writes

Naa, thats far to complicated! Theres no need for an accomplice,

The same person could it, but could put on an Indian accent and say his name is 'Roger'.