Why do we have to confirm our details when a company calls us?
Posted by Fluid-Coast-3799@reddit | AskUK | View on Reddit | 141 comments
I received a phone call today from Scottish Power. I’d been told in advance that they would be calling to follow up on a complaint, and I have their number saved in my phone, so it appeared as “Scottish Power” when they rang. However, the adviser said that for data protection reasons I needed to confirm my full name, address, date of birth, and email address to proceed with the call.
With the number of scams happening these days, why don’t companies provide customers with a passcode or password that we can quote when they call us, so they know they are speaking to the right person? Also if we are provided with a passcode/word for them, we would be assured it's not a scam caller. Is there a genuine reason this can't happen?
Objective_Mousse7216@reddit
I refuse to reveal my details because a callers number can be spoofed. I ask if I can call them back on their official published phone number and ask for a particular dept or person.
ElusiveCrab@reddit
I get it. But with us that means you go from having something sorted out right now to sitting in a queue for an hour or 2 before being passed around back to me lol.
Passwords would make way more sense tho
Objective_Mousse7216@reddit
Not risking my details to a scammer, who will then know my phone number, address, DoB etc.
Factorioboyio@reddit
If a scammer has the ability to spoof a phone number they don’t need you to repeat your address lol. They already know it.
Besides, first line of address, postcode and the other information used to confirm who they (companies) are talking to is utterly useless to a scammer/already publicly available.
You’re basically wasting your time by being so paranoid.
Objective_Mousse7216@reddit
Well I've never ever been scammed, had card fraud, so I'm happy to carry on with my severe paranoia mate.
Factorioboyio@reddit
Do you want to buy my rock that keeps tigers away?
MooseBuddy412@reddit
Thats why a password works I guess
bourton-north@reddit
How would that work? They give you a password, so you have to remember dozens of random company’s words that you hear from every few years?
MooseBuddy412@reddit
So basically you enter into an agreement with a Company or Service Provider and they log and store a password that you give them to verify that its only them.
When they call you can rest easy knowing you dont have to hand out your data in any way until they tell you the password you agreed on.
When they verify who they are you can then begin with whatever business you have with them.
bourton-north@reddit
I understand the idea, but it’s not very practical as it requires you to remember random passwords from companies you may not hear from for years. Many different audible passwords, no easy way to store or retrieve etc.
MooseBuddy412@reddit
This is true, you make a good point about infrequent calls. Gone are the days where a warm operator called you by name because you were a loyal customer to that company and trust was as important as financial transaction between both parties.
RagerRambo@reddit
I totally agree with OP but you are correct. Little don't remember their own passwords let alone another for each account that the provider needs to give you
Objective_Mousse7216@reddit
Scammers will say the password does not match what is on their system, so let's go through a security check, DoB, address, email, etc etc. No. I will call you back.
fleapuppy@reddit
The caller should be giving you the password, not the other way around
apokrif1@reddit
Or progressive passwords: caller gives the first digit of their password; iff correct, callee gives the first digit of their own password; and so on.
Objective_Mousse7216@reddit
That doesn't happen, not with anyone I've ever dealt with.
fleapuppy@reddit
It doesn’t actually sound like you’ve ever tried it to be honest
DrachenDad@reddit
You would give them the (public) password when you setup the account, if they can't give you the password then they aren't who they say they are.
knotatwist@reddit
A password is for them to give to you, and then you give them your details. That way you know THEY are not scammers.
apokrif1@reddit
Disclosing a password to a potential scammer 🤓
ElusiveCrab@reddit
And like i said i get it. Was just saying what happens when people do this with us. Its a stupid system that punishes people for not handing out details to a random caller
UnNormie@reddit
One time I got cold called by my bank and they said they were detecting suspicious activity. I'd never had them call me before like this so I asked if they could prove they're from the bank and not a scammer/if I could call them back if not and they seemed so confused/shocked. I guess they weren't used to that happening. Turns out it was in fact my bank and they seemed annoyed I called them back rather than talking the first time.
brigadierbadger@reddit
Disappointing. I had a better experience. I'd been out of mobile coverage for a few days, got back in and saw fraudulent credit card charges, then got a call from the bank. Told the guy I was sure he'd understand that I was going to hang up and call the number on the card to be on the safe side, and he just laughed and said "very wise, sir"
jake_burger@reddit
They were annoyed?
They should be happy you take security and fraud seriously, because it’s usually the bank who has to pay for it and police it.
QuestNetworkFish@reddit
From a policy point of view this is true, but from an employee point of view, often they have targets that are odds with this policy and stuff like this creates extra work for them. They shouldn't express this annoyance to the customer, but at the end of the day they're human, and I don't think anyone who has worked customer service can honestly say they haven't been a bit arsey with a customer when they're in a bad mood through no fault of the customer.
I try not to take the attitude of people working in CS personally, unless they're exceptionally rude
Postik123@reddit
I've had this with my bank a few times. As you pointed out, they seem perplexed when you challenge them over this.
acceberbex@reddit
Had the opposite at work with our bank. Called me off a different number (we have a local branch and known contacts but it was an 0800 number as on their website). Wanted to check a payment was genuine but I'd need to go through security. I declined, said I'd call local branch and confirm with them and then call back. I did, was all genuine and they'd even phoned local branch to say they'd tried to call me. Honestly didn't care I'd been paranoid and said they'd rather we do that every time if we're unsure
Azure_727@reddit
This happened to me, I did the same and the chap I spoke to heaped praise on me for being so sensible.
Objective_Mousse7216@reddit
I know right. It pisses me off. Don't fall for scams, be vigilant, don't trust callers asking for personal details. Then the bank calls (sometimes from a hidden number) "Hey we are the security team at your bank, so we know it's you, give us all your personal details right now!"
Historical_Cobbler@reddit
I do the same, I know they’ll think I’m being a dick but I’ve had some very clever attempts on my banking so why risk it.
The element I find most frustrating is the companies can’t use their own apps, and you need alot of apps. I ask them to send me a verification message in the app and they just can’t do it.
Over-Language2599@reddit
Exactly this. Otherwise it could be some random person calling you up to get all your personal info to steal your identity.
IdioticMutterings@reddit
I drive companies up the wall with refusing to confirm my details when they call me. I've even challenged them to confirm my details to me to prove they aren't a scammer.
Several of them now just send me an SMS, saying "We need to talk with you, please call us on the number on our website and ask to speak to...."
Majestic_Bluejay1801@reddit
i never do now, i ask to call them back.
Abyssal_Station@reddit
I was amused the other day when I got a call, They said Hello is this First Name Last Name, and to confirm they were who they said they were they confirmed to me, my address, email and a confirmation code. Then inorder to confirm who I was, they asked me for my name, address, email and confirmation code...
sammytwolegs@reddit
They could ask for the first few characters of your address or only the numbers in your postcode. That way you're revealing minimal, but it's still something that only you would know
Ok_Wrap5233@reddit
They don’t know that it’s you who answered the phone and they’re legally not allowed to discuss your account with anyone else.
NaughtyDred@reddit
I've worked for 2 companies that ask for a password when calling back, so it is a thing. In regards to why you have to answer the questions, it is because of the very strict GDPR legislation in place.
The thing I don't get is how people are still not used to it, we have had data protection questions for at least 15 years now if not longer.
thx1138a@reddit
People are used to it. I think OPs point is that it is inherently bad practice to teach people to give out these details to unidentified callers.
papayametallica@reddit
Virgin media used to make me laugh. They’d ring me to offer a better deal then ask me for my personal details. I had to explain several times that as they were ringing me they must already have my details. Duh
-Lexxy@reddit
I used to do outbound calls!
We would have to confirm full name, address and DoB to make sure we're talking to the right person (although other people people would know those details)
If wanting to make any changes to account or discuss anything specific to the account, then we would need to ask knowledge based verification questions (bank details, date of last payment etc).
Contact centres are governed and have to follow specific guidance so the reasons for so many questions are decided by people not on the call and they usually aren't told why
TonyBlairsDildo@reddit
It's a terrible practice to encourage customers to divulge personal information to strangers on the phone.
If I had my way, GDPR would be updated to ban the practice entirely.
-Lexxy@reddit
Then anyone will be able to call up, change your details and access your accounts 😊
TonyBlairsDildo@reddit
What's your Reddit password?
Postik123@reddit
I've had such calls from my bank before, and whilst I'm 99% certain it is my bank, I refuse to provide any details out of principle. They seem somewhat perplexed when I tell them I can't be sure they are really calling from the bank.
CriticalCentimeter@reddit
so you were expecting a call from SP and you received a call from SP at the time expected?
What really is the issue here?
To answer your question re security tho - if I get a call that I am not expecting from a company I get services from, I'll have them email me while Im on the call before confirming any personal details.
FlippingGerman@reddit
You cannot trust that an email came from the address it claims to.
If they add in a personal detail - and not something not actually secret, like the first line of your address or something, that may be a more trustworthy sign.
escapingfromelba@reddit
Scams often work because the scum bags know that loads of people at any given time are expecting a parcel, bank with a certain company or whatever so they chance phoning loads of numbers.
CriticalCentimeter@reddit
scammers dont appear as Scottish Power on your handsest. They'll likely appear as 'Potential Scam' 'Potential Telemarketer' or just a number you dont recognise
escapingfromelba@reddit
Scammers spoof numbers all the time.
Hell, there's weekly posts from people wondering why they are getting angry people phoning them back because some ne'er-do-well has spoofed their mobile number.
CriticalCentimeter@reddit
maybe its just my provider - but I get detailed info on whomever is calling. If it says Telemarketer - its a telemarketer. If it says Potential Scam, its some person claiming to be O2 (without fail). If it says a company, then, without fail, it is that company.
Either way, asking them to quickly fire you over an email from a company email address solves any problems - at least for me it does
nathderbyshire@reddit
That's because they marked the number as potential spam. If a scammer spoofs a number it appears as the legit one and your phone or provider can't tell the difference, it sees the number matches a certain business and that's what will be displayed on your screen, not a scam alert.
Fluid-Coast-3799@reddit (OP)
I was making the point that I knew it was Scottish Power so wasn't too worried about giving my details and wasn't until afterwards I wondered why I had to give all my personal details over the phone. The email suggestion is a good idea.
Over-Language2599@reddit
You can't be sure it's Scottish Power because numbers can be spoofed. This is the danger.
SarkyMs@reddit
My husband got a BT scam call on the day our broadband was being updated. It was just fluke but he fell for it.
Inkblot7001@reddit
This has been a dilemma for some time. They do need some form of confirmation, but for us, the consumer, there is a risk.
I frequently ask them for confirmation first. If they can't do it, I ask them to escalate and ring me back when they can.
Ultimate_os@reddit
What proof do they give that they are who they say?
Inkblot7001@reddit
Something not easy for them to find out, like when did they last read the meter.
IntronD@reddit
I refuse these days. If it was so important you can send me a letter and I'll look at it. But I'm not going to just tell anyone who just called me all my personal details. You called me, you should prove who you are.
Gullflyinghigh@reddit
For data protection/governance purposes. I can guarantee the person on the other end thinks it's as saying as you do, perhaps more, but (if they're working somewhere like where I used to) it's not worth the grief they'll get for not following the procedure, even if they know who you are already
Majick_L@reddit
When I worked at SafeStyle UK many years ago, that’s exactly what they did. But people still moaned about it and gave incorrect passwords / forgot it etc
Sad-Action-8869@reddit
Have often argued the fact when I get a random call from a business I use, " you want me to verify my details? How about you verify yourself first!"
10-15-5-12-@reddit
You’ve just made some minimum wage call centre’s day more difficult, just to be awkward. Congratulations.
Bethurz@reddit
To be fair I do outbound calls at work and when they're not happy to give out their details I just say that's fine and either tell them I'll email them or ask them to call in on the number they have for us and move on with my day.
I actually prefer it as despite it being my job I don't wanna talk to people...
RhubarbAndCustard06@reddit
They are potentially opening customers up to fraud because they call and ask for details. Especially if they do this unexpectedly. Caring about the security of your personal data is not being awkward. The staffer calling a number they have on file for a customer is more likely to be speaking to the person they think they are (most people will say if they are not Mr/Mrs/Ms X) than the person who is receiving an unexpected call. Maybe confirming one of address or DoB is OK, it's not much use to a fraudster without the other, but they usually want both.
Asking someone you call to confirm details says "I don't care what happens to you so long as I've covered myself" so it really shouldn't be a surprise if the other person responds in kind. They shouldn't take it personally provided the customer does so politely and should direct them to call back using a verified number from a statement. If this happens and the staffer doesn't like it, then respectfully they are in the wrong job.
If you do fall victim to fraud or a scam in this way, it is going to take a lot more than a day to sort out - and the customer won't be getting paid for their time. In fact they will probably be left out of pocket too.
If enough customers refuse to give their details to people that call them, those in charge will realise they actually need to develop a secure way for such calls to happen. No sense them paying staff to call people who won't speak to them in any meaningful way.
Savvymundo@reddit
Because they're staff on phones who don't get to decide the process they have to follow. If you don't like it, raise a complaint, but being mouthy to the poor sod calling you is a bit unfair.
Sad-Action-8869@reddit
I can only guess English is not your first language or you are yet to experience the real world! Who said anything about being mouthy or even rude. I guess you are probably not a " grown up " and have yet to experience the amount of random calls a person can receive from ' banks and phone companies etc ' offering deals. The point is there is nothing to verify the caller, even phone numbers can be spoofed.
AscendedLens16@reddit
Because if we’ve got the wrong person it would be a huge data protection issue?
Someone else might be answering your phone, your number might have changed, etc etc.
tom56@reddit
Yeah but less of a data protection issue than asking me to give my name, address, and date of birth to anyone who calls me
AscendedLens16@reddit
Not really.
You own your own data and make choices about who you give it to.
jake_burger@reddit
I don’t think you get what’s being said.
It’s not that people don’t want to give out data to the bank - who already has all of that by the way.
People are worried that it might not be the bank on the phone and they are giving out personal information that can then be used to commit fraud because apparently it’s quite easy and common to use basic information to steal someone’s identity.
RockTheBloat@reddit
Sure, and the company are worried that they might disclose your personal data to someone else.
RealLongwayround@reddit
Correct. And the only correct response then is not to ring up and ask for personally identifying information since this trains naive customers to give out their own details to random callers and opens them up to scams.
Here’s how it works.
Using freely available software, a scammer disguises their CLI as that of, for example, Huge Building Society. They ring and announce themselves as calling from Huge, asking for my name, date of birth, mother’s maiden name and the first line of my address.
They now call for example Big Gas Company. They know my name, date of birth, mother’s maiden name and the first line of my address. They access my account.
This happens daily across the country.
AscendedLens16@reddit
To be fair it’s not that deep.
We ask your name because if you call up and say “hello is this X” the gut reaction is to answer truthfully.
If we explain why we’re calling you can then lie to find out more information
RealLongwayround@reddit
To be fair, it is that deep. Scammers exist and do this daily. I take the initial reports at times, directing the victims to Report Fraud.
Ultimate_os@reddit
Banking apps have started showing you if you’re talking to them or not. That should give peace of mind.
AscendedLens16@reddit
Yes so that’s their own choice to make.
The original post asked about WHY you’re asked for that information.
GoalLower@reddit
This is the issue I have though, places like the bank, if I change my number, I’m going to tell them I’ve changed it, and it’s very unlikely I’m not going to answer the phone, so that excuses is is unwarranted. If someone has stolen their phone to be able to fraud them, then chances are they have the other details as well
AscendedLens16@reddit
It’s not though is it?
toady89@reddit
Why do companies no longer say where they are calling from before asking who they're speaking to? They used to years ago but now they act baffled when you won't confirm your name first.
AscendedLens16@reddit
I work at a hospital so it’s probably a little different but the first thing I do is confirm who I’m speaking with before saying where I’m calling from. Preserves confidentiality.
Norsa321@reddit
As someone who has to make calls (not a bank mind you), it is mind boggling how often some people change their phone number and don’t update it, or enter it/ write it down wrong
Repulsive-Echidna-74@reddit
To make sure they're taking to the right person. You can generally ask for a password to be put on your notes if you want to
AshaNyx@reddit
Ik with my bank at least if they call you up asking for personal information they will give you a reference number if you just wanna call them back to verify.
zeddy123456@reddit
Monzo has a cool feature in the settings that tells you if they're calling you or not, it's so simple but really smart!
Mindless_Ad_6045@reddit
Except from the fact that all the info they ask for is extremely easy to get. I know all those details about my brother and some of my friends.
Repulsive-Echidna-74@reddit
Great thanks
Lovecraftian666@reddit
They literally told you for data protection reasons 🫠
TheZZ9@reddit
So what should you do when a scammer phones you and asks all those questions and says it is for data protection?
idris_elbows@reddit
I've had this argument with an insurance company that phoned up. You phone me, YOU provide security answers.
GoalLower@reddit
Along the same lines, I hate when people say I’m going to send you a letter in the post because it’s more secure than email. Please explain how that is more secure? A letter can get lost, never arrive, late, whereas an email, it can be instant, they can confirm on the phone that you’ve received it and if you haven’t you can tell them straight away. It also can’t be intercepted and read unless your emails get hacked
vivalaalice@reddit
I had one ring me the other day who asked for the wrong name (I answered because I’m dealing with loads of things at the moment that would warrant a call from an unknown, business number) I told them they had the wrong name and to not call me again and they spent about 10 minutes trying to tell me I had to give them my actual name for them to remove the number 😭 (I did not)
SenseMakesNone@reddit
Because we are told to by management. Believe me, we find it as bizarre as you do.
Its something to do with the fact anyone could answer your phone, or be an old number tied to someone else etc.
InternationalCap6019@reddit
Yes they do have to complete data protection checks. It's the law. They should also tell you that their calls are recorded (assuming they are). If you are uncomfortable, they will not object to you calling them back on the number you have for them, and will be happy to give you their first name so you can ask for them.
RealLongwayround@reddit
It is not however the law that they must complete data protection checks by expecting the person who has been called to give out their own details.
I work in a call centre for a government agency. We never ask people to give us their data when we call them because we understand how scams work.
InternationalCap6019@reddit
I worked in a financial services calls team and we always did that. Anyone who was uncomfortable was invited to.call us back (our SLA wait time was under ten minutes)
MyDadsGlassesCase@reddit
The problem with this is that - depending on the type of line - you hanging up may not disconnect the call. The scammer then stays on the line while you dial the number and then "answer" it.
On landlines you should wait a good couple of minutes to do this so the line disconnects automatically
DoKtor2quid@reddit
They might have to complete data protection checks, but also crazy that they are asking you to give out this personal info when you don't know for sure they are who they say they are. Exactly what scammers would do! I like OP's passcode idea far better.
akrabat@reddit
I refuse to answer until they have proved who they are. This completely confused the Octopus agent that called me.
bristoltim@reddit
THEY phoned YOU, it is THEY who have to prove their identity to YOU - not the other way round.
Have lost count of the number of times I have answered the phone to some twat claiming to be from my bank,or the council, or electricity supplier or whatever, who gets arsey and offended when it is pointed out that they need to prove who they are first.
Sometimes on calling back the real bank, or council, or electricity supplier, it turns out that they were genuine, but the company concerned never seems to understand how stupid and arrogant they are being.
Most of the time though, it turns out to have been an attempted scam.
nathderbyshire@reddit
On an inbound call where you call in, you'll often verify your identity before speaking to someone. Your number will be the first marker, then they'll ask for two more points, usually DOB and an address. If you don't pass DPA, they'll do it on the phone and may ask more specific questions like the amount of your last if it's a supplier, or the amount and date of your last purchase for a bank as generally only you should have access to that information
When someone calls you, there's no automated DPA process so they have to do it manually.
If you're unsure, hang up and call back on a number you know is legit - even if the number on the screen says it's legit, anything feels off end the call
SoggyWotsits@reddit
EE business use a password system instead, and only ever ask for two characters from it. I much prefer it to reeling off other information.
baadhumans@reddit
I don't. If they call me they can prove they're who they say they are. If it's oh so important they can send a letter or an email.
R2-Scotia@reddit
The only company that does this correctly is American Express, who will authenticate to the customer first.
Jesterstear99@reddit
Virgin Media & BT definitely have the password thing, because I've fallen foul of it.
No one, including me, ever has a clue what their password is though because you might only contact them every two years.
The solution is to always use the same password for everything, which is wrong on so many levels......
Objective_Mousse7216@reddit
Virgin Media are like, can you revels character 5 7 and 9 of your password. Which password? The one you setup when you joined us. That was like 15 years ago buddy....
Jesterstear99@reddit
Yes!
Not only do you have to remember a password that you thought was great 15 years ago, but you have to write it down now and count letters.
They don't even have a prompt to tell you, like "Favourite dinosaur" they just sit waiting.......
geekhalla@reddit
There's a reason for that. Older systems within one of those had a prompt for password resets. The prompt questions people chose were ones easily answered. And a not surprising amount of people think they're being clever with a stock answer (most common was 'mum' for mothers maiden name).
hunsnet457@reddit
The issue is whatever measures are put in place to ensure you’re speaking to a genuine caller will just make scammers adjust to the new processes. There isn’t a permanent way around this because fraudsters are able to adjust much faster than a large company.
There was a time where companies used passcodes to confirm they were genuine, but scammers adapted so it became obsolete. Some companies are introducing features in their apps to show that you’re on a call with them, but it’s super expensive and an easy way around it is to just tell someone the feature is broke…
No feature created to prevent fraud permanently prevents fraud, so often it’s easier to spend that time and money elsewhere.
Not_Sugden@reddit
Its to verify they are speaking to you and not somebody else who has picked up your phone or hijacked your sim. Usually they confirm to you first that they are a legitimate caller by revealing limited information, for example could be the last 4 digits of your energy account number and the name of your bank where the direct debit comes from. Might not be what they use practically but just to give you an idea
Historical_Owl_1635@reddit
Santander used to do this.
Haven’t spoke to them on the phone for years so no idea if they still do.
Ultimate_os@reddit
HSBC had this as well. Not sure if they still do. It was just another password to forget. Waste of time really.
megasin1@reddit
This is bad practice on Scottish powers side. You shouldn't have to reveal anything when they call you and you should simply say "I'm sorry I don't give out personal details over the phone". They should arrange a way for you to call them to give personal details or send correspondence online through a Web portal you've logged into
stevem520@reddit
I always ask their first question wrong on purpose. If they call it out as incorrect, they have access to the correct answer and are more likely to be legit. If they don't call it out, they don't know the correct answer to what they are asking and the phone goes down
geekypenguin91@reddit
I had a call a few months ago where the call handler gave 3 options for year, then 3 for months and 3 for day when asking for my DoB which feels like a slight improvement.
Likewise they asked for the house number on [street name]
vibrant_squirrel@reddit
For data protection as they state
Farscape_rocked@reddit
20 or so years ago I worked in a callcentre for Sainsbury's To You. If your card failed the store liaison team would call and say "hi it's Bob from Sainsbury's to you, your credit card failed, please can you confirm the details for me?" with absolutely no effort to confirm who they were, and people always gave them their card details.
I read an article on The Register about phishing and emailed the author saying "that's nothing..." then relaying what I've just said. They published it with my name and the company name still in there.
The head of the company who ran sainsbury's website read the comment, and called the head of the callcentre company to let him know. My line manager calls me in a meeting and his boss walks in with a printout and I can see the Register logo through the paper and know I'm fired.
My boss says "Now, there are two people in the company with your name. There's you and there's a guy in Northern Ireland who nobody likes. Was this you or was it him?" and I couldn't get another dude fired and I was only a temp so I said it was me and apologised. I was marched to my desk to collect my personal items then marched out of the building.
I emailed the dude at the Register to express dismay at him keeping the company name and my name in and that it'd got me fired and he said "sorry, I didn't think it'd be a problem".
A week later everyone all the temps on the Sainsburys contract were dumped because the company lost a different contract and had to give their permanent employees something to do.
DMMMOM@reddit
If anyone calls me and asks for my details I always refuse. I ask them to send a mail in request if they think I know who I am.
stevecrox0914@reddit
Never confirm your details when someone calls you.
Ask them to identify themselves and how to find contact details so you can call them,allowing you to verify who they are.
linkheroz@reddit
Imagine if they didn't ask and they called you after your phone was stolen or something 🤷♀️
PolarLocalCallingSvc@reddit
So they know they're actually talking to the right person.
You can always hang up and call the company directly if you are concerned. It is recommended to wait a minute or two for a line to close before doing this but it's outdated advice really.
Xaavuza@reddit
DPA.
ActionBirbie@reddit
To confirm they are talking to the correct person - There are certain privileged things (for example, medical information) you can only share with an individual directly - Yo cannot tell just anybody and ask them to pass on the message.
MyDadsGlassesCase@reddit
If I'm feeling particularly flippant I'll often play the "But how do I know it's really you" card for the HMRC scams.
"I don't know if you're HMRC. Can you confirm my UTR so I know if you are HMRC" "I can't give you that unless I know you are Mr Bob Lawblaw" "Well I'm not confirming my address and date of birth unless I know you are HMRC" "It's us, bro. HMRC. Trust me"
And then lead them round in circles for a while
keithmk@reddit
My bank have a voice ID system. I have to say a particular sentence when I call and that is used to identify me. But the important part of this question is why don't they have to properly identify themselves. It could be anyone calling you
BuBBles_the_pyro@reddit
Does my nut in when they say confirm, confirming would be to say what they say is correct ie they ask of you are blah blah at blah blah address ans you say correct.
A simple, what is your address works just as well and is correct
Unusual-Art2288@reddit
Should ask them to prove who they are.
Boboshady@reddit
For this very reason, an increasing amount of providers will alert you via their app - something you know and trust - just before they get in touch. More providers need to do it.
islaisla@reddit
I never do. They can write or email
Material_Spell4162@reddit
It can, I think some companies do what you propose, but it takes some time to setup and some people will just forget their passwords.
KeyJunket1175@reddit
there is nothing to remember, its like with amazon deliveries with a pin. They send you can email with a pin in advance which you can refer to when they do call.
PatternWeary3647@reddit
Because they only know what number they’ve called. They don’t know who they are speaking to.
KeyJunket1175@reddit
haha as in "Hi, who are you and why am I calling you?"
Mediocre-Smile5908@reddit
I'm not surprised you have a complaint about SP. I'd sooner rub me nylon knickers together for static electricity than ever use them again. They completely fucked up our dual fuel readings then suddenly told us we owed over three grand.
mrafinch@reddit
Student loans ring me and try to ask me millions of questions before they can talk to me, but they get really arsy when you say “How do I know you are who you say you are? I’ll need to confirm your identity.”
Aggressive-Race-3139@reddit
the issue is companies have to verify identity before discussing accounts, but they have no reliable way to prove themselves to you first. a shared passcode sounds simple but if it gets leaked or reused it becomes another security weakness. at scale it’s harder to manage than it seems, especially with millions of customers
MrMikeJJ@reddit
Last time i had a company phone me and wanted me to confirm by details, I said "you phoned me. how do I know you aren't trying to get my details for identify theft? you need to confirm your details"
Their response "I can assure you we are who we say we are".
That phone call eventually ended with them hanging up, when they realised they were going to get nothing from me.
I have no doubt it was my insurance company like they claimed, but it was the principal of the matter.
SavingsProgress195@reddit
i always just refuse and call them back on the official number. takes a bit longer but at least you know who you’re talking to.
edent@reddit
You don't have to. Your options are to call them back on the number on their website, or refuse the call.
Some providers do offer an outbound password / phrase. But the problem is, if they call the wrong person (or someone else answers your phone) that password is compromised.
In your case, what's the risk? You were expecting a call from them - it is vanishingly unlikely that a scammer is going to know when to call you, and spoof the number, and know what your complaint is about. If they did, they'd then have to convince you to part with money or give up further information.
If you want to test whether the caller is genuine, you could ask if you can give them the first half of your postcode in exchange for them giving you the 2nd. Or, more simply, ask for the complaint reference number before proceeding.
Longjumping-Bet-5358@reddit
it’s mainly about data protection rules. companies need to verify they’re speaking to the correct person before discussing account details. the problem is the system hasn’t evolved with scam culture, so it now feels unsafe even when it’s legitimate. a shared passcode system would make sense but would be harder to manage at scale and could create new security risks if leaked
Ok_Aioli3897@reddit
Probably because numbers can be transferred to different people and some people forget to update that
AutoModerator@reddit
Please help keep AskUK welcoming!
When replying to submission/post please make genuine efforts to answer the question given. Please no jokes, judgements, etc. If a post is marked 'Serious Answers Only' you may receive a ban for violating this rule.
Don't be a dick to each other. If getting heated, just block and move on.
This is a strictly no-politics subreddit!
Please help us by reporting comments that break these rules.
I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.