Identity Theft.

[swestrup]

I just got off the phone with the bank. Or, at least, they said they were the bank. You know, when you set up an account, they ask you for personal information plus a secret word or something so that you can prove who you are. They never ask for something so that they can prove who they are.

They offered to tell me my birth date and address and the name of my wife. Uh, yeah. As if 30 seconds on Google wouldn't tell someone all of that about me. Heck, most of that info is on this very site. He said they couldn't tell me anything that wasn't public knowledge without me giving them private information first. Ditto.

Then they told me they could give me their number, and I could phone them back, and it would prove who they were,  Uh, how? It would prove it was their number, no more. Now, if I could find that number on the bank's website online, that would prove something. Only they told me it was an unlisted number. So I asked them how I could go online and find a number that would lead me back to talking to the person I was talking to now. They said their wasn't any.

So, they're either

A) An incredibly incompetent bank that just doesn't care about identity theft, or
B) an identity thief.

Once upon a time, I would have said the odds greatly favoured A). Now that I've had friends who've had to deal with identity theft, and as its become so prevalent, B) has become a real possibility.

In the end, they said they'll send me a letter. Again, that requires knowing my address, no more. Now, maybe the letter will contain information that only my bank would know, but at this point I'm beginning to doubt it.

So, I have to ask folks here on my friends list: do you take precautions against identity theft, and if so which? And how the heck do you get the banks and other institutions to deal with you in a responsible manner in these cases?  I can't possibly be the only person in the world who has insisted that the person claiming to be from their bank identify themselves first, before they discuss private details with them, can I?

Hell, all my bank would really have to do to prove it was them would be to drop a note into my online account with them, and that would do it. They seem perfectly capable of doing that for advertising purposes...

Comments

[joenotcharles.livejournal.com]

I've never been cold-called by my bank, so no.

What I would have done (and maybe you still can) is phone your bank at its publically available number and tell them the details of the call. If it was legit, they should be able to transfer you to the right department, and if it wasn't their fraud department would like to know.

[swestrup]

Thats an idea. I never know what to do in these situations, and its time I work it out.

[hendrikboom.livejournal.com]

My bank never asked me the kind of questions on the phone that made me suspect they might be identity thieves. They knew what phone number they were calling, and who was likely to live there, and accept whoever answers the phone's assertion that they are who they are. They rarely conduct any business on such a call, but usually just leave a message for me to call them when it's convenient.

Of course, sometimes I get cold-called, and it just happens to be my bank instead of someone else that is selling me a phone plan. Those calls have a very different pattern, and they're not interested in any personal information before they've convinced me to buy. But I always refuse to buy anything directly from a cold caller.

I suspect you're being called by identity thieves.

[kallisti.livejournal.com]

I would say that you should call your bank's faud line and let them know about it, after you get your phone provider to give you the number that called you.

ttyl
'

[kinra.livejournal.com]

Ow, Stir.

Makes me remember it's been three years.

[swestrup]

Alas, too many things remind me of her. Its impossible to avoid them.

[kinra.livejournal.com]

I was actually working on my application to Ontario's Chief Information and Privacy Office and thinking of her today. It's just that to go through what she went through really drives it home again -- I can see her excited smirk with the subtext that she knows what to do if you'd just ask her.

[sps.livejournal.com]

The RIGHT thing to do is (a) give every institution a different false answer to each identifying question and (b) when they ask you for the answer, tell them something identifiable but not quite correct. If they hesitate to accept your answer, correct yourself. If not, they are lying.

(I discovered this ploy by accident. I need to come up with a better algorithm for wrong answers.)

[dcoombs.livejournal.com]

Interesting idea. I don't think I would have the patience for (a), but (b) is so easy it would be foolish not to do it.

[dcoombs.livejournal.com]

As Joe said, it is very rare for a bank to phone you -- and even if they do, it's probably to sell you something you don't want, but even more likely is that it's a scam.

I think the entirety of my desirable interaction with banks has involved me contacting them. At which point I don't mind identifying myself.

[swestrup]

Actually, I find its very common for a bank to phone me. If I miss a payment on a credit card, or something similar, for instance. With my current financial situation, that happens far more often these days than it used to.

[http://users.livejournal.com/_grey_knight/]

The Royal's policy is not to contact the client other than to ask them to visit their branch. Certainly not to ask for personal information over the phone, and never by email (except when logging into online banking where the message would be waiting). And the call back number would have been an 1-800 identified as belonging to the bank. Never a private or unlisted number.

I would say the probability was closer to option B)

[arymede.livejournal.com]

'Kay, so I work for an online money transfer service - not exactly a bank, but operating by a lot of similar procedures and regulated by the same bodies.

We do cold call clients at times. We do ask for personal information, and we do refuse to share personal information until they confirm their identities. That said, we wouldn't even offer to tell you your address, wife's name, or even the phone number we just called you on. We simply ask your name, and then identify where we are calling from and why before asking you to confirm your personal info.

However, it is perfectly understandable that customers would feel threatened or cautious by this... so if someone does not want to answer, that is entirely their prerogative. We offer methods for them to contact us (not everyone can call us on the number on our website, but there are other contact methods published on our website that everyone can use which we would direct you to. Failing that (you wouldn't believe how many people aren't interested in doing shit for themselves and looking our number up independently) we would inform them of the consequences (eg. "Since we are currently unable to confirm your identity, we will be temporarily closing your account. You are welcome to contact us back at any time by such-and-such means to reopen your account.") and once they see that the consequences we informed them about did actually manifest, their suspicions are usually resolved.

That said, no self-respecting bank or any other legitimate identity-checking service would refuse to provide independently confirmable contact info. Even if it was something like 'call your local branch, ask to be transferred to such and such a department, and then ask the rep in that department for my name and employee ID number."

Mildly relevant anecdote - we recently had an interesting call from a detective from a European police department call asking for information and activity records on someone's account because that person had been involved in a local crime. I had one of my agents who spoke that language get his name, badge number, contact info, listened to the request, and explain that he would forward the request to our investigations department and that we'd have the info to him in 24 hours. Hung up the phone, looked up the official website for that country's police and called them back to confirm that the detective existed and that the phone number he provided would actually reach him. Way fun.