Community

Join the Community

23,090
Expert opinions
43,872
Total members
354
New members (last 30 days)
161
New opinions (last 30 days)
29,004
Total comments
Join Sign in

Who the f... are you?

  0 2 comments
Retired member
Unfollow

My mobile phone rang this morning. By the time I reached it, the caller (with blocked caller ID) hang up. A minute later my (ex-directory!) home number rang. I picked up the phone.

The person on the other end of the line told me he was from Barclaycard's fraud investigation department and wanted to verify some transactions (Barclaycard does indeed makes such calls from time to time).

I joked that I cannot be sure he was indeed calling me from Barclaycard to which he replied he would not be asking me for any personal information.

The very first question was: "Who do you bank with?" - "Hm, Barclays, obviously..." - "And apart from Barclays?" - "Why do you need to know?"

He told me again he was there to help me. Did I ask for any help?

"What is your email address?" - "Tell me what address you have on file and I will confirm whether it's the right one." (I have two work addresses and three private ones.)

At that point the guy realized he is not getting anywhere and suggested I called Barclaycard myself "to verify those transactions". Which I did. There were no transactions to verify, and their fraud investigation department had no scheduled outgoing calls in the system in respect of my account.

Social engineering is the key part of spearfishing fraud. It can penetrate even two-factor authentication security to play the classic "man in the middle" attack. To protect consumers, banks need to ID themselves first so that consumers know who they are dealing with. How can that be done in a secure way? That's a million dollar question. Any answers?

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

5418
 

Share

 
 
 
 
 

Channels

/security
 

Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.

Join group

1792 opinions 260 members

Comments: (3)

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

NetBanking websites can of course authenticate themselves to users by displaying a graphic or text or both that was preselected by the user earlier. But I think you're asking about incoming calls, for which I have no answer. I keep getting similar calls and I respond similarly. The social engineers quickly hang up when my questions become too uncomfortable. The genuine callers flag me as a "difficult customer in their CRM, which generally helps me get good service when I call them next! Only once did the caller display presence of mind by reading out my last card transaction. Not sure if that's a foolproof method of authentication.

Chris Errington

Chris Errington Semi-retired at None

I took a call from a member of the Lloyds Group, who said there was an unusual transaction on my account and they wanted to check it.

Went through the same dialogue of 'you show me yours and I'll show you mine'.  Did establish that they were probably genuine but wasn't sure because the branch they were calling from wasn't my local branch - I knew where it was but I had never been there [subsequently found it is the closest branch to my postcode; clue #1].  Asked specifically whether this was a sales call.  No, categorically not - there was an unusual transaction on my account I needed to check out.

'We' agreed I would ring head office.  Did so.  The caller was genuine.  But in fact, a genuine sales person at a Lloyds Group branch looking to invest my 'unusual receipt' - my monthly wages (which I've had for 10 years in a row) [Clue #2].  Head office said I had probably not checked the privacy box on my preferences - oh, the head office person says I had.  Oops. 

Received a similar call a few months later, someone different but same storyline.  Same pretence - but this time I knew the game.  Thinking about it, I've had a number of these calls over the years but just put the phone down.  Then home phone rings and same story.

Shame they are using the 'unusual transaction' angle since banks need all the help they can get in combating fraud - not 40 year customers who have been through this and just hang up.

My calls ran very, very much like yours.

A Finextra member 

The funny part is... that was indeed Barclaycard who rang me this morning - one of my Barclaycards got blocked this afternoon because of some "suspicious transactions".

More expert opinions

Fernando Henrique Silva

Fernando Henrique Silva SVP Digital Solutions EMEA at CI&T

Why disability inclusion should be fintech’s next frontier

11

Katherine Chan

Katherine Chan CEO at Juice

Scaling in a high-cost world: How SME founders are adapting

Igor Kostyuchenok

Igor Kostyuchenok SVP of Engineering at Mbanq

An Open Letter to Incumbent Banks

1

Prakash Pattni

Prakash Pattni MD, Financial Services Digital Transformation at IBM Cloud

Why Banks Should Bet Big on High Performance Computing

1

See all opinions

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

23,090
Expert opinions
43,872
Total members
354
New members (last 30 days)
161
New opinions (last 30 days)
29,004
Total comments
Join Sign in

Trending

Igor Kostyuchenok

Igor Kostyuchenok SVP of Engineering at Mbanq

An Open Letter to Incumbent Banks

Jonathan Hancock

Jonathan Hancock Head of Product & Innovation at The ai Corporation

A Guide to Strategic High-Risk Merchant Management

Taras Boyko

Taras Boyko Founder at BTG Corporate Services Provider

Fintech 2.0: What Makes a Startup Appealing to Investors in 2025?

Ted Sausen

Ted Sausen Director - AML Subject Matter Expert at NICE Actimize

Preparing for the Shift to ISO 20022 – How FIs Can Get it Right

Now Hiring

All companies

Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.

Please read our Privacy Policy.

Accept