Bad Security Assumptions

Today I went to my bank in person to ask a question and to complain. I had received a telephone call last week from someone purporting to be a representative of the bank who asked several questions that were inappropriate for an unsecured telephone line, and I complained about it at the time. I went to the bank to see if the call had been legitimate. As it turned out it was, but there was no way for me to determine that other than to verify it independently. They did have a record of my previous complaint, which I appreciated.

This is as good a time as any to remind people of the bad security assumptions they may be making.

Unless you’ve taken specific steps to ensure that your telephone line is secure (which is rare), you should assume that it is not. Cordless phones and cellphones in particular are generally not secure. You should never give anyone personally identifiable information, such as your Social Security number or your bank account number, over the phone. No reputable person should ask for such information over the telephone.

Unless your email is encrypted, it’s not secure either. Even if it is encrypted, it may not be particularly secure. The analogy I generally use is that sending an email isn’t like sending a letter; it’s more like posting a notice in the town square. Don’t put anything in the notice you don’t want the whole town to know.

BTW, your bank probably has a compliance officer (mine does; it’s a publicly traded company), and failures to conform to best practice should be reported to the compliance officer.

And people wonder why I say that banks aren’t security-oriented.

6 comments
  • CStanley

    Hmm… I assume that keying in numbers on a phone keypad isn’t secure either? I never thought much about it, but you pretty much have to do that to get through computerized answering trees, and things like health insurance use your SSN. Sometimes I decline to enter the numbers and try to bypass to an operator anyway (esp. since the person you eventually reach never has your account pulled up anyway, so it seems pointless), but I’m pretty sure there are some that will automatically end the call if you don’t enter your acct number as requested.

    As for banks… I don’t understand how checks are secure at all anymore, since no human being verifies signatures. I guess we still hold on to the practice since it provides an after-the-fact method of determining if the account holder wrote the check, but it sure doesn’t do anything on the front end to prevent fraud.

  • PD Shaw

    I got a call from Microsoft last week that alerted me to my computer’s vulnerabilities, and after a bit of haggling, I got a good deal on internet security at least. I wish my bank was as conscientious as Microsoft.

  • I assume you’re aware that’s a scam.

  • PDShaw

    But they were such nice people. The thing that always disturbs me about a scam is that implicitly it must work right, or at least the extent it is continuous?

    I think we may share the same bank, it is a Point Noticed in Chance discussions. I’ve only received odd calls that seem to assume that in person banking at the local main branch is unique. “Our records indicate that you banked last week at the . . . main branch. We would like to ask you a few questions, taking no more than 15 minutes about your encounter.” I endure; I like the people I’ve met face-to-face. That’s why I deposit money face-to-face, but take money from a machine. But no, I don’t think I’ve been asked personal financial information in any of these calls.

  • ...

    I think we may share the same bank

    Subtle! 🙂

  • ...

    A huge amount of our civilization continues to be trust based. The terrorists (of all stripes) have been idiots to not take more advantage of that. However, our leaders are idiots, too, as they’re doing all manner of things to eliminate trust WITHOUT putting in necessary security.
