> They are not scam calls
What are they, then? Sales/marketing calls? Or some security notifications ("we noticed some suspicious operations in the last 3 days...")? If it's the former, that's still scam in my books. Specifically, it's a first-party scam, as opposed to a third-party scam, where some third party pretends to be your bank.
They both should be treated similarly; unfortunately, you can't report first-party scams to police.
Yeah as sibling points out, lots of orgs have scammy official security calls. This leads to a dance I have been through quite often.
Almost this exact thing has happened multiple times with one of my bank accounts which I can’t completely shut because of boring reasons but I have basically deprecated because they do this sort of nonsense. My main bank now is much better.One of my banks refused to talk to me over the phone and informed me to go to a branch with 2 pieces of ID. Fair, it was a credit card opened online.
Only to find the 2 pieces of ID were just for them to talk to me and ask for more documents. Rubbish like employment letters (uhhhh, how about YOU call my employer instead of me printing out the “letter” they’ll email me?) or tax return stuff mid-year.
I cut up the credit card and mailed the pieces to their legal department. Someone called me pretty quick and without any authentication hassles.
> how about YOU call my employer
And how would your employer know the call is legitimate and authorised by you?
That’s wild. If my bank needs something from me they send an email saying that a message is available in the online portal - or in some cases they send me a physical letter. Anything else would be highly suspicious
Yeah my actually good bank (Starling) have an FAQ in their app saying “We will never call you”.
This is very much my experience.
I generally say at some point before terminating the call "you should not train your customers to give out account access credentials to strangers" and the caller usually has no clue what I mean. Does no one in the security teams have theory of mind?
This will be the way I bring up the issue with the regulator if I do. I can think of many ways round this issue that would be much safer and not especially arduous.
Just don’t answer the phone. If it’s something important they know how to reach you, or they can leave a voicemail.
In my experience they're security calls. UK has good opt out marketing rules for legit companies.
But the usual security call is exactly like a spam call, no authentication from their end, immediately requesting id verification "answer these security questions", and refusing to go off script.
People have been asking for years to be able to lodge a security challenge code on their profile that can add confidence in the caller. Given there are already multiple security questions on an account, this could be a process change: the security challenge script becomes "the first and sixteenth characters of your mother's maiden name are 7 and F, what are the third and fifth characters of your first pets name".
In the UK, banks like Starling, Monzo and Revolut (and building societies such as Nationwide) have added a call status feature in their apps [0][1][2] that tells you if they are actually the ones calling.
[0] https://www.starlingbank.com/news/starling-bank-launches-in-...
[1] https://monzo.com/help/monzo-fraud-category/monzo-call-statu...
[2] https://www.bbc.co.uk/articles/c1mj02vr0emo
Yeah, this is a no brainer (and I think most banks let you verify via the app rather than personal info) to avoid the annoying uncertainty (but note my mother would not be able to handle that I expect)
No "challenge code" your profile can be used to authenticate a caller. Profiles get leaked, almost all of them have been at some point, or at least that's the safe assumption to operate under.