June 9, 2009 18:31 by Admin
I received a phone call today from HSBC. Let me rephrase that, I received a phone call today from somebody who claimed to be from HSBC.
As an IT professional, security is always at the forefront of my mind, so when asked to supply details like my date of birth etc., I was more than hesitant to give these out. I politely declined and told them that as I couldn't be sure of who they were, I did not want to answer, unless they could prove to me that they genuinely were HSBC. He wouldn't do this as he "didn't know if he was speaking to the correct person so couldnt divulge any information" which left us in a bit of a standoff.
I've experienced this with other establishments before, and it strikes me that there is a simple solution. When I set up my online banking, I created a password which I use for online/telephone banking authentication. Surely, the easy way around this would be for them to allocate a password/passphrase from their side, and then quote this to you when they call, this way you know it's them you're speaking to* and not some scammer. The password/phrase wouldnt be anything sensitive, just something to prove they were who they said. I realise this is another thing to remember, but it would be worth the effort for piece of mind.
Anyway, the call ended and I hung up and checked the number in google, it does appear to be a HSBC number, but when I called them on their main line and asked what the call was about, there was no record of any outstanding calls which leads me to believe either a) It was a scam, or b) HSBC don't know what their other departments are doing, neither of which fills me with confidence.
Surely this would be a no brainer to implement and stop any risk of fraud?
* Unless, they've been hacked and have all of your details, in which case you're screwed anyway!