Improving security when receiving calls from financial institutions

Someone called claiming to be from my bank. They started the call by asking to speak to me by name. They then asked for my birth date – which I gave, and then they asked for my security date. Only then did I realise that I had started to give out personal information without thinking about it, so I halted.

I asked what they could provide me to know they were actually from my bank. They told me:

All I can give you is my name.”

Call agent

This was when I got suspicious.

They informed me that I could call them back and started to read out a telephone number. 

Having worked in the FinTech and Financial Services industry, I was well aware of the possible scams. I was already kicking myself that I had provided my date of birth without thinking about it – rookie error.

Instead of calling the number they provided, I waited a few minutes and called the number for the bank I found online.

They were indeed from my bank, but it made me think about ways organisations can help their customers feel safe when they make outbound contact. 

Too often, we receive unexpected calls and are asked to give out personal information. 

It makes us ripe for scams. I would count myself as digitally savvy, but even I was caught out in this instance.

With the rise and prevalence of scammers, legitimate organisations must do more to keep their customers safe, especially during the pandemic. Sure, the agent on the call wanted to make sure they were really speaking to me, but at the same time, they exposed me to vulnerabilities. If customers get into the habit of providing personal information on the phone for inbound calls, they also risk being duped by scammers.

How might we… provide better authentication with financial services companies or others who want us to pass security checks before talking to us?

The organisation could use a form of 2-factor authentication to help keep its customers safe. For example, the agent could provide the customer with a code they can enter into their banking app, which would then return another code they can read back to the agent to satisfy the agent’s security checks. That way, both parties would know they are who they say they are.

Categorised as Blog