dingbat

News

UK banks use robo-callers to make fraud-check calls, conditioning customers to hand out personal information to anonymous machines that phone them up out of the blue

My latest Guardian column, "Automated calls, fraud and the banks: a mismatch made in hell," reacts to the news that UK banks are using robo-call machines to check in with customers on possibly fraudulent transactions, and going about it in the worst way possible:

The banks, bless them, are only trying to prevent fraud, but this is a pretty silly way of going about it. For starters, there's the business of calling up people and asking them to give you all the information necessary to prove that they are indeed a bank customer – all the information that a fraudster needs to impersonate that person at the bank, in other words. The banks have spent decades systematically conditioning us to give our personal information to fraudsters, which is a strange way to prevent fraud.

But at least this silliness had one saving grace: a fraudster can only make so many calls per day, and so the scope of losses from such a programme of bad security education is limited by the human frailties of con-artists.

Enter the robo-caller. The banks are now outsourcing their fraud prevention to computers that can make dozens of calls all at once, around the clock, fishing (or phishing) for someone who just happened to have made an unusual purchase and is thus willing to spill all his details down the phone to get it approved. Note that most of the categories of purchase that trigger false positives from fraud detection systems are also the sort of thing that customers are anxious to see go off without a hitch. The unusual and the urgent often travel together.

Automated calls, fraud and the banks: a mismatch made in hell


One Response to “UK banks use robo-callers to make fraud-check calls, conditioning customers to hand out personal information to anonymous machines that phone them up out of the blue”

  1. James Riley says:

    I'd contribute on BB, but disqus and Trisquel don't get along...

    I've had exactly this problem. I basicly did "no, I'm not giving a robot my details", check number, withheld, naturally. Find time to go to local branch. Person in local branch actually tells me I did right thing, since I didn't know it was my bank calling, I didn't give them the details they wanted.

    They put me through to the right dept in fraud prevention, and we covered it all nice and happy.

Leave a Reply

Creative Commons License

Cory Doctorow’s craphound.com is proudly powered by WordPress
Entries (RSS) and Comments (RSS).