Sun, 09 Aug 2009

Please answer a few security questions.

I just received an automated call from Santander.

Let's set aside the stupidity of calling me on a Sunday, when all banks are closed, as the parent organisation being in Spain and the call centre being in India and this being a case of cultural stupidity.

What really annoyed me is that they wanted me to answer a few security questions, like what my address is, my date of birth.

They called me.

There is no guarantee that the person who claims to be from Santander is actually from there. It could be any random person calling and pretender to be them.

But what mechanism could they use to validate themselves? What about using two-factor authentication?

They could have called me from a number that they print on the back of the card, which is would have at least been a good starting point. It is not impossible to spoof an originating number but does increase the burden of effort on someone trying to perform identity theft. Fail one.

After explaining this to the women on the other end, she kept asking me to fill in the questions and then hung up in a gruff. Fail two. I had a similar call from HSBC earlier in the week as well. After explaning that since they called me, they either have something to tell / sell to me or they don't. He agreed. HSBC wanted me to come in for an appointment to review some ways they can "help me".

So it was a marketing call. At least HSBC have someone who is able to independently reason. They only score a single fail for trying to have me authenticate to them.

Principals of outbound calling:

• If you make the call to me, the burden is on you to prove who you say you are. Not me.
• Not all calls require me to verify my identity to you. Particularly sales and marketing calls.
• There is no reason to disturb me on the weekend.

[ / security] Trackbacks (0) Comments (0) permanent link permanent link

About

ॐ (aum) - what was, what is and what will be, wildfire's musing

Anand Kumria
wildfire@progsoc.org

Calendar

Topics

• beauty - 1
• blogging - 3
• books - 1
• debian - 7
• edinburgh - 1
• finance - 1
• freedom - 2
• general - 1
• hardware - 3
•   dell - 2
•   disks - 1
• health - 3
• helsinki - 1
• london - 1
•   review - 1
• salsa - 1
• security - 2
• software - 19
•   blosxom - 2
•   gnome - 1
•   moblog - 1
•   ubuntu - 1
•   vcs - 2
•   zeroconf - 1
• sydney - 8
•   isp - 3
• thisisbroken - 1
• travel - 1
• work - 2
•   awayphone - 1
•   general - 1

Subscribe

Subscribe to a syndicated feed of my weblog, brought to you by the wonders of Atom.

Music

 

Blosxom

Rendered in only 0.0818 seconds.

Web Standards