Security versus convenience - am I never satisfied?

One of the biggest aggravations involved in dealing with banks and credit card issuers is their security checking process when you contact their call centre. Questions, questions, so many questions. Sometimes, you have to supply this information even when they call you. My recent experience with Barclaycard suggests that they have gone some way towards making this less annoying, but it still raises questions of another sort.

I use my Barclaycard for work expenses. The last transaction I made was for a train ticket on Friday. Late Sunday evening I received a text from Barclaycard flagging up a series of transactions for £50 and £100, made a few minutes earlier. I was asked to reply either Y, confirming they were mine or N, if any of them weren’t. I replied N and immediately received another text, saying they would call me Monday morning.

On Monday morning, I contrived to miss the call, which was to my mobile, and instead picked up a voicemail, asking me to ring back on a 0800 number. This I did, and was greeted with a automated answer system message, personalised with my name, which then put me through to an agent in India. We talked through the transactions and the card was blocked. At no point was I asked any security questions.

Fair enough, except I called back from my landline to get the free call and Barclaycard does not have my landline number, to the best of my knowledge. This makes me think that they dynamically assign a range of 0800 numbers to fraud cases to identify the call. It certainly made my morning less stressful, not having to find my Barclaycard phone password.

I don’t have much information about the fraudulent transactions – I assume they were online rather than card present using a magnetic stripe clone but I didn’t manage to find out if the cvv was used. I’m not sure how the card was skimmed – I’ve never been to Home Depot and this particular card pretty much only gets used with a very limited range of retailers, mostly online. Perhaps there was a skimming device in the Scotrail ticket machine? Has Viking been compromised recently? Or the Scottish Crime Writing Festival (oh, the irony)? The choices otherwise are fairly limited.

However, the use of the text to initiate the fraud control process gave me pause. This strikes me as the sort of thing that may not always occur to men but if you steal my card in person, the chances are you will steal my phone too because they are both in my handbag. Then you only have to reply Y to the initial text (assuming I don’t lock my phone, which many people don’t), and carry on your merry way. Here, some form of authentication, possibly a biometric one, seems a good idea.

In other words, the old security versus convenience tension raises its head again. I greatly appreciated not having to go through the whole date of birth, password and first pet/school/car/favourite teacher nonsense on the phone (most of that is firmly filed under ‘trauma – forget’) but a bit of authentication earlier in the process wouldn’t have gone amiss. That said, I didn’t reply Y initially, so I don’t know what would have happened then.