On Thursday of last week I received a voice mail, apparently from my bank, asking that I phone them about my credit cards. The number they left connected me to their call centre, after which the following conversation took place:
Me: Good morning. I’m returning a call about my credit cards.
Bank Employee: Sir, could you please give me your credit card number.
Me: Surely you mean my account number?
BE: No, Sir! Just read me the number printed on your credit card.
Me: I’m sorry, but I’m not giving you my credit card number over the phone!
BE: Why not, Sir?
Me: Because I don’t have any idea who you are!
BE: But Sir! I am Vernon from FNB!
Yeah right! I had to explain to Vernon that, from my perspective, anybody could have left me that voice mail and that he could just be claiming to be from FNB. I pointed out that this looked like a textbook phishing scam, and asked him to think about how this must seem to me.
Amid much exasperated sighing, Vernon ironically put me through the bank’s customer identification protocol and found my card details himself. Of course, the process also allowed me to satisfy myself that I really was speaking to an FNB call centre.
Things turned out for the best after all. The bank was trying to find out where to ship my new cards, as the existing ones expire in a few months. Nevertheless, the entire experience left me with a sense of unease.
My bank insists on an identification interrogation whenever I call them. Unless my accounts comply with the FICA laws, they could be frozen. The same bank, however, is surprised when I refuse to divulge my credit card details telephonically on the strength of a voice mail message. Something is wrong here!
It seems to me that many people would simply have given out their card number. This convenient course of action could undoubtedly expose them to financial risk. While the banks of South Africa are at great pains to train their customers in the avoidance of computer based phishing, the good old human factor has been overlooked.
Curiously, in this post-9/11 world, we have become so accustomed to identifying ourselves subserviently to institutions by means of numbers, documents, and biometric data that we run the risk of overlooking the nature of the information that we give to complete strangers.
Trust is a two-way street. Our laws require banks to assume by default that we are criminals. They, in turn, should not be surprised when this culture of suspicion is turned upon them. Sometimes, when you look at their service charges, this seems strangely appropriate.
Related posts:
