In order to help protect the public from scams, the British Bankers’ Association recently published a guide of 8 things your bank would never ask you to do.
There should perhaps have been a 9th item on that list: Call you up and ask you to go through security.
I still hear stories of people who have been called by their bank and asked to provide personal data for the security check. This is bad practice and it effectively conditions members of the public to expect that they must out personal information on incoming calls.
Unfortunately, criminals have also been known to ring people up trying to get hold of personal data and banking details, for example in the Courier Scam.
If someone calls you, then you have no idea who is actually on the other end of the line and whether they are who they claim to be. Here are a few tips to help you avoid becoming a victim of fraud:
- Do not give out any personal data on an incoming call.
- Even if you have caller display and believe you recognise the number, it may not be a genuine call – some criminals have phone spoofing equipment that displays a fake number.
- Just because someone says they are from your bank (or the police) does not make it true. If they are genuine, they will be happy for you to check their identity.
- To check their identity:
- Take their first name + surname – or unique employee ID – and name of the department they work for.
- Wait 10 minutes after the incoming call has ended or call back from another phone. This is to make sure they are not still on the line.
- Call them on their published number rather than any number the caller gave you. You can find this on any documentation you have or on their website in the Contact Us section.
- Ask to be put through to the employee you spoke to.
Perhaps it is time our banks introduced best practice such as:
- Not expecting or encouraging customers to give out personal data on incoming calls.
- Providing a well-staffed Freephone contact number on their website that customers can call to complete security checks and then be passed to the relevant staff member.