Ask them their name/ last initial, employee ID or unique identifier for the conversation, direct phone number, job title and what location they're based at. Scammers will pretty much always refuse/argue/hang up on this (once I had one start insulting my mother in Hindi when I asked him this). Then call your bank's proper number and verify all of these details.
(But in any case your bank will never call outwards to you, unless you've specifically requested that, which you almost never do.)
Unfortunately my UK banks (and others) DO regularly make calls to me unannounced and demand my ID to 'prove who I am'. They are not scam calls and the callers cannot understand what they are doing wrong. If I'd had more strength in the last round of this stupidity I'd have done a number on them with the regulator. (I used to work in finance and was the director of a regulated financial entity, so I think I'd have a head start.)
In the US Caller ID has been so hopelessly compromised (for almost two decades now, that's on Congress) that financial institutions almost never make outbound calls, and only ever use standardized published numbers; I wasn't aware other countries differ so much.
Please tell us more context with regard to your UK banks making multiple unannounced calls demanding your ID ... were you an individual customer? finance director? MD? or what? Why on earth do they do that? Have you told them in writing not to? There must be more backstory to that.
Banking example: trying to move some savings from one UK bank to another - back to where the money had originally come from, and that had just purchased the first bank too. It took 8h on the phone over a week or so to get the money back, which was interspersed with a comedic number of calls from withheld numbers and people unknown to me demanding enough info to get access to my money. And other very poor practice. The bank even conceeded at least once in writing that it knew that it was screwing up and sent me £100 by way of apology - but carried right on screwing up.
Non-banking: getting a call out of the blue from my Internet Service Provider again demanding enough credentials to get access to my (business) account, and unable to understand why that was very poor practice. I used to like that ISP a lot, and have been with it for a looooooong time, but the angry exchange with who seems to have been my account manager has soured the relationship a lot.
My bank(s) have never called me and if they did I wouldn’t pick up - it’s definitely not a standard in the EU.
My bank (big green French one) pretty much always calls me whenever I do some unusual money transfer, even between my company and my personal accounts (they're both with the same bank), even though the transfers are authenticated either via the app or by an SMS code. However, the people calling me don't ask any details, just "is this vladvasiliu? Is it actually you who initiated this transfer, for x amount on y date?".
[dead]
> They are not scam calls
What are they, then? Sales/marketing calls? Or some security notifications ("we noticed some suspicious operations in the last 3 days...")? If it's the former, that's still scam in my books. Specifically, it's a first-party scam, as opposed to a third-party scam, where some third party pretends to be your bank.
They both should be treated similarly; unfortunately, you can't report first-party scams to police.
In my experience they're security calls. UK has good opt out marketing rules for legit companies.
But the usual security call is exactly like a spam call, no authentication from their end, immediately requesting id verification "answer these security questions", and refusing to go off script.
People have been asking for years to be able to lodge a security challenge code on their profile that can add confidence in the caller. Given there are already multiple security questions on an account, this could be a process change: the security challenge script becomes "the first and sixteenth characters of your mother's maiden name are 7 and F, what are the third and fifth characters of your first pets name".
In the UK, banks like Starling, Monzo and Revolut (and building societies such as Nationwide) have added a call status feature in their apps [0][1][2] that tells you if they are actually the ones calling.
[0] https://www.starlingbank.com/news/starling-bank-launches-in-...
[1] https://monzo.com/help/monzo-fraud-category/monzo-call-statu...
[2] https://www.bbc.co.uk/articles/c1mj02vr0emo
Yeah, this is a no brainer (and I think most banks let you verify via the app rather than personal info) to avoid the annoying uncertainty (but note my mother would not be able to handle that I expect)
No "challenge code" your profile can be used to authenticate a caller. Profiles get leaked, almost all of them have been at some point, or at least that's the safe assumption to operate under.
Yeah as sibling points out, lots of orgs have scammy official security calls. This leads to a dance I have been through quite often.
Almost this exact thing has happened multiple times with one of my bank accounts which I can’t completely shut because of boring reasons but I have basically deprecated because they do this sort of nonsense. My main bank now is much better.One of my banks refused to talk to me over the phone and informed me to go to a branch with 2 pieces of ID. Fair, it was a credit card opened online.
Only to find the 2 pieces of ID were just for them to talk to me and ask for more documents. Rubbish like employment letters (uhhhh, how about YOU call my employer instead of me printing out the “letter” they’ll email me?) or tax return stuff mid-year.
I cut up the credit card and mailed the pieces to their legal department. Someone called me pretty quick and without any authentication hassles.
> how about YOU call my employer
And how would your employer know the call is legitimate and authorised by you?
That’s wild. If my bank needs something from me they send an email saying that a message is available in the online portal - or in some cases they send me a physical letter. Anything else would be highly suspicious
Yeah my actually good bank (Starling) have an FAQ in their app saying “We will never call you”.
This is very much my experience.
I generally say at some point before terminating the call "you should not train your customers to give out account access credentials to strangers" and the caller usually has no clue what I mean. Does no one in the security teams have theory of mind?
This will be the way I bring up the issue with the regulator if I do. I can think of many ways round this issue that would be much safer and not especially arduous.
The caller is a minimal wagie following a script, you can't get mad at them.
The chucklefuck that wrote the script that you can get mad at won't pick up your calls.
That's how responsibility works.
A few of the bank people that I spoke to during the last caper were pretty senior and those did understand the issue that I raised but found themselves constrained by their rules, though one or two got creative with me in a good way. (Pretty much none of those who called me were 'minimum wage' in my estimation.) But very more senior management should be setting good scripts and expectations for the less-well-paid staff doing the grunt work. That is what their higher pay should be buying, IMHO.
Just don’t answer the phone. If it’s something important they know how to reach you, or they can leave a voicemail.
Same in Australia, I've had genuine calls from a bank asking for my security code for identification purposes.
Yeah and people call crypto a scam.
It mostly is, but Monero is pretty good.
it is time we have a good industry standard for this stuff
I dream of a time I don’t have a bank, or not in any traditional sense.
I’d been hunting for ways to use a Wisecard standoff a bank but got a bit wary of what would happen if they went bust. Government backed guarantee do not exist for Wise.
I ask them for all of that and their credit card details, mothers maiden name, name of their first pet, first school they went to, and what colour underwear they’re wearing.
I should probably learn how to insult their mother in Hindi too.
That is an unnecessary interrogation, you don't need to verify the initial call at all. Simply call your bank on your own.