Like many people these days, I have a telephone banking account. This works very well for me, since I don't have a lot of time for visiting bank branches between 10am and 3pm, and it suits me to be able to phone up and do my banking whenever I choose. I find security a bit of a worry sometimes, though. Sometimes my bank call me, and we have a conversation like this:
Me: (picks up phone: Caller Display on the phone says "Number Withheld") "Hello?"
Bank: "Hello is that Mr Davies?"
Me: "Speaking."
Bank: "It's the Zarg Bank here, Mr Davies, we'd like to see if you're interested in a new service we're offering."
Me: "OK. Tell me."
Bank: "I'd just like to go through a few security details first, could you tell me your date of birth?"
Me: "No, I don't know who you are."
Bank: "We're the Zarg Bank."
Me: "Yes, and if I were a criminal trying to find out the security details of Mr. Davies, then I would also claim to be from the Zarg Bank. How can you prove it?"
Bank: "I don't know, but I can't tell you about this service unless we can go through security so we know that it's you."
Me: "So I have to prove I'm me, but you don't accept that you have to prove that you're you?"
Bank: "We are the Zarg Bank, otherwise we wouldn't know your telephone number."
Me: "My number's in the book."
Bank: "But I know your name too."
Me: "Presumably a criminal would start with my name, and then look me up in the phone book".
Bank: "If I can just ask you some security questions, then I can tell you some details of your account and then you'll know it's us."
Me: "But then it will be too late, I'll have already blurted out my password so that the world can come in and spend my money."
Bank: "No-one has ever complained about this before."
Me: "Let's imagine that our roles are reversed for a moment: you don't really know for sure that I'm Mr. Davies yet do you?"
Bank: "No."
Me: "Well OK, I'll claim to be 'Martyn from Zarg Bank' instead. You can be the customer. Can I have your banking password, please?"
Bank: "Well, no."
Me: "Why not?"
Bank: "Well I don't have an account with Zarg, and anyway....."
Me: "Listen, the only way this is going to work is if you give me a number to call, and then I'll call you, and that way I can be certain who you are."
Bank: "You can call on 0845 999 999".
Me: "But that's your regular number, how can I talk to you about your new service?"
Bank: "You can't, we're in a call centre, and we have to call you."
Me: "So there's no way I can find out about the service then?"
Bank: "I don't know, this has never come up before."
Me: "I can't see any way forward then."
Bank: "OK, thanks for your time, Mr. Davies." (click, whirr)
Interestingly, my Internet credit card (a different company) have a different take on this. I usually deal with them only via the Internet on a secure web link, but they sent me a letter asking me to call them. When I did, I discovered that I had to go through a security procedure before we could discuss the issue that they wanted to discuss with me. Here, the guy on the phone seemed a bit cheesed-off that I didn't have all the security answers to hand:
Cheesed-off: "What's your security number?"
Me: "I don't know, I just called in reply to your letter. I wasn't ready for questions, this is the first time I've ever made a call to you."
Cheesed-off: "What's your memorable date?"
Me: "19th December 1961."
Cheesed-off: "No, that's not it."
Me: "21st December 1961?"
Cheesed-off: "No. "
Me: "I'll have to go and look it up. I can't remember. Actually I can't be bothered with it now, I'm not ready for a complete interrogation."
Cheesed-off: "You'll have to do a security check when you next call in. "
Me: "OK, goodbye."
What he actually meant was that he was blocking access (by every means) to my credit card account, so I couldn't even go online to look at a statement anymore. This seemed a bit draconian, since they'd actually asked me to call them, but at least I know that they're taking it seriously when someone claiming to be me call them up and can't prove it!
Fool USA
