Community

Join the Community

21,462
Expert opinions
43,679
Total members
363
New members (last 30 days)
134
New opinions (last 30 days)
28,513
Total comments
Join Sign in

Who the f... are you?

2 comments
Retired member
Unfollow

My mobile phone rang this morning. By the time I reached it, the caller (with blocked caller ID) hang up. A minute later my (ex-directory!) home number rang. I picked up the phone.

The person on the other end of the line told me he was from Barclaycard's fraud investigation department and wanted to verify some transactions (Barclaycard does indeed makes such calls from time to time).

I joked that I cannot be sure he was indeed calling me from Barclaycard to which he replied he would not be asking me for any personal information.

The very first question was: "Who do you bank with?" - "Hm, Barclays, obviously..." - "And apart from Barclays?" - "Why do you need to know?"

He told me again he was there to help me. Did I ask for any help?

"What is your email address?" - "Tell me what address you have on file and I will confirm whether it's the right one." (I have two work addresses and three private ones.)

At that point the guy realized he is not getting anywhere and suggested I called Barclaycard myself "to verify those transactions". Which I did. There were no transactions to verify, and their fraud investigation department had no scheduled outgoing calls in the system in respect of my account.

Social engineering is the key part of spearfishing fraud. It can penetrate even two-factor authentication security to play the classic "man in the middle" attack. To protect consumers, banks need to ID themselves first so that consumers know who they are dealing with. How can that be done in a secure way? That's a million dollar question. Any answers?

Sponsored

This content has been created by the Finextra editorial team with inputs from subject matter experts at the funding sponsor.

5321

Share

 
 
 
 
 

Channels

/security
 

Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.

Join group

1679 opinions 211 members

Comments: (3)

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

NetBanking websites can of course authenticate themselves to users by displaying a graphic or text or both that was preselected by the user earlier. But I think you're asking about incoming calls, for which I have no answer. I keep getting similar calls and I respond similarly. The social engineers quickly hang up when my questions become too uncomfortable. The genuine callers flag me as a "difficult customer in their CRM, which generally helps me get good service when I call them next! Only once did the caller display presence of mind by reading out my last card transaction. Not sure if that's a foolproof method of authentication.

Chris Errington

Chris Errington Semi-retired at None

I took a call from a member of the Lloyds Group, who said there was an unusual transaction on my account and they wanted to check it.

Went through the same dialogue of 'you show me yours and I'll show you mine'.  Did establish that they were probably genuine but wasn't sure because the branch they were calling from wasn't my local branch - I knew where it was but I had never been there [subsequently found it is the closest branch to my postcode; clue #1].  Asked specifically whether this was a sales call.  No, categorically not - there was an unusual transaction on my account I needed to check out.

'We' agreed I would ring head office.  Did so.  The caller was genuine.  But in fact, a genuine sales person at a Lloyds Group branch looking to invest my 'unusual receipt' - my monthly wages (which I've had for 10 years in a row) [Clue #2].  Head office said I had probably not checked the privacy box on my preferences - oh, the head office person says I had.  Oops. 

Received a similar call a few months later, someone different but same storyline.  Same pretence - but this time I knew the game.  Thinking about it, I've had a number of these calls over the years but just put the phone down.  Then home phone rings and same story.

Shame they are using the 'unusual transaction' angle since banks need all the help they can get in combating fraud - not 40 year customers who have been through this and just hang up.

My calls ran very, very much like yours.

A Finextra member 

The funny part is... that was indeed Barclaycard who rang me this morning - one of my Barclaycards got blocked this afternoon because of some "suspicious transactions".

More expert opinions

Mete Feridun

Mete Feridun Chair at EMU Centre for Financial Regulation and Risk

What does the EC’s postponement of the FRTB mean for the industry?

Konstantin Rabin

Konstantin Rabin Head of Marketing at Kontomatik

Game-Changing AI Innovations Transforming Financial Trading Today

Foday Joof

Foday Joof Risk Management Officer at Central Bank of The Gambia

Revisiting the Sunken Billions: The Gambia's Perspective

Oleksandr Strozhemin

Oleksandr Strozhemin Co-founder and CEO at Trinetix

Top 3 Key Challenges of Accelerating Digital Dexterity

See all opinions

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

21,462
Expert opinions
43,679
Total members
363
New members (last 30 days)
134
New opinions (last 30 days)
28,513
Total comments
Join Sign in

Trending

Raktim Singh

Raktim Singh Senior Industry Principal at Infosys

Industry cloud platforms: The future of Cloud

Alex Kreger

Alex Kreger Founder & CEO at UXDA

AI in Banking: Are Banks Ready for the User Experience Revolution?

Steve Morgan

Steve Morgan Banking Industry Market Lead at Pegasystems

The Criticality of Maintaining Data Quality Amid Cloud Migration and Digital Transformation

Sean Forward

Sean Forward UK CEO at payabl.

Is slow and steady enough for Open Banking?

Now Hiring

All companies

Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.

Please read our Privacy Policy.

Accept