Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Security Questions for Data Protection over the Phone?

  • 17-10-2017 8:40am
    #1
    joach
    Registered Users, Registered Users 2 Posts: 8


    We have all experienced calling our Electricity Company, Bank or Mobile Phone network with a question about our account or bill and we are required to ask a number of security questions before anything can be discussed or handled. Sometimes we are asked four or five questions, it's very rare that it is enough to just give our name and account number. The companies will say they ask these questions for Data Protection reasons, which most people appreciate and understands. 
    Is there an Irish or European law that specifies what credentials are required for an organisation before they disclose or handle a customer request over the phone?
     
    I have found some suggested guidelines by the Data Protection Commissioner in Ireland, but none that are specific as to the number of questions required for an organisation to ask a customer before processing a request over the phone. Is the level of security and the number of questions asked entirely down to an organisation's own discretion?


Comments

  • #2
    Esel
    Registered Users, Registered Users 2 Posts: 23,093 ✭✭✭✭Esel
    Not Your Ornery Onager


    They have to counteract social engineering attempts.

    Not your ornery onager



  • #3
    Peregrinus
    Registered Users, Registered Users 2 Posts: 26,998 ✭✭✭✭Peregrinus


    joach wrote: »
    . . . Is the level of security and the number of questions asked entirely down to an organisation's own discretion?
    So far as I know, yes it is.

    It's important to distinguish the "know your customer" requirements that banks, etc, have to comply with when you first open an account with them (asking for photo i.d., utility bills as proof of address, etc), which are regulated by law, and the security questions they ask over the phone ("Your date of birth? Mother's maiden name? Favourite flavour of icecream? The objectives of the French revolutionaries were not fully realised in practice: discuss"). In the later case they are just trying to satisfy themselves that the person who has called them on the phone claiming to be someone they already know really is someone they already know, and they set their own protocols and procedures for this.

    The person you are dealing with may have no discretion or authority to talk to you about your banking business until you have satisfied all their requirements, but that's not because the law requires it; it's because his employers require it, and he'll be at risk of discipline or dismissal if he doesn't complete the identity checks properly.


Advertisement