'Data protection' - puzzling

maxsmum

Had 2 interactions which have left me a bit bewildered. I don't know too much about GDPR etc. But these are two large corporations which seem to be taking the proverbial...
1. Bank rang me yesterday, I think in relation to an ongoing mortgage application. They rang me with my telephone number what they've had for many years. I answered and was greeted with a rushed speech about whoever regulates the bank etc etc. I paused as I was in work. I said 'yes? and?' The caller then proceeded to ask me to confirm my date of birth and mother's maiden name. I said 'No, I'm not in a position to, and you rang me!' They didn't appreciate my point. They refused to talk to me as I couldn't confirm this. The number was a generic landline so it could have been any department calling. I am still none the wiser!

2. I rang our TV provider today. I asked the guy how much it would be to add the movie channels to a TV package and gave the name of our particular package. He said do you have an account and I said yes. He insisted on the number of the account. I said I just want to know the price - out of curiosity. I gave him the account number. He said he could only discuss my query with the account holder, my husband. I said I didn't have a query about our account. I had a general query about their price list! The guy actually stayed mute and eventually whispered in a really nervous voice that he was really sorry but I would have to get my husband to call back. I laughed, hung up, called back and got someone else. I told them I didn't have an account, asked the very same query and got an immediate friendly reply.

What on earth is going on with the world? What crucial data was protected in these encounters and for what purpose?

RayCun

The first case could be a scam call. You're right not to give those details to someone who called you. Or it could be someone junior in the bank who hasn't really considered the situation. If you are in the middle of a mortgage application, you should phone the bank yourself and see if there is an issue.

ohnonotgmail

RayCun wrote: »

The first case could be a scam call. You're right not to give those details to someone who called you. Or it could be someone junior in the bank who hasn't really considered the situation. If you are in the middle of a mortgage application, you should phone the bank yourself and see if there is an issue.

The first is standard practice by banks when they call you. They wont talk business until they can establish you are they person they want to talk to. Just because you answered the phone it doesn't mean you are the person that owns the phone.

maxsmum

ohnonotgmail wrote: »

The first is standard practice by banks when they call you. They wont talk business until they can establish you are they person they want to talk to. Just because you answered the phone it doesn't mean you are the person that owns the phone.

If I called them, maybe.
What are the chances of them calling me and some imposter has managed to intercept my phone? is 'am I talking to Mary' not enough?

ohnonotgmail

maxsmum wrote: »

If I called them, maybe.
What are the chances of them calling me and some imposter has managed to intercept my phone? is 'am I talking to Mary' not enough?

No it is not enough for the banks, hence the questions. Simplest thing to do is hang and cal them back.

RayCun

ohnonotgmail wrote: »

The first is standard practice by banks when they call you. They wont talk business until they can establish you are they person they want to talk to. Just because you answered the phone it doesn't mean you are the person that owns the phone.

I have ways to prove my identity to the bank, but the bank can't prove its identity to me. If I call the bank, I know who I called, and they can verify that I am me. The reverse isn't true.

ohnonotgmail

RayCun wrote: »

I have ways to prove my identity to the bank, but the bank can't prove its identity to me. If I call the bank, I know who I called, and they can verify that I am me. The reverse isn't true.

I agree but that would not excuse the bank revealing details of your account to whoever answered your phone.

maxsmum

ohnonotgmail wrote: »

No it is not enough for the banks, hence the questions. Simplest thing to do is hang and cal them back.

I couldn't. The number was a landline ending in 0000 and when I called it was the bank HQ, recorded menu etc. No idea who rang or from where. They wanted me, so I'm not going chasing them.
Is there not a common sense option where one can opt out of all this nonsense in their dealings with a company?
If someone nicked my phone and managed to hear, shock, horror, that someone in the bank was looking for me to send them a copy of my payslip, I couldn't give a monkey's.

ohnonotgmail

maxsmum wrote: »

I couldn't. The number was a landline ending in 0000 and when I called it was the bank HQ, recorded menu etc. No idea who rang or from where. They wanted me, so I'm not going chasing them.
Is there not a common sense option where one can opt out of all this nonsense in their dealings with a company?
If someone nicked my phone and managed to hear, shock, horror, that someone in the bank was looking for me to send them a copy of my payslip, I couldn't give a monkey's.

the bank could be calling to discuss anything about your dealings with them. Some people can get very pissy when banks discuss their information with third parties so the banks are just covering themselves.

RayCun

ohnonotgmail wrote: »

I agree but that would not excuse the bank revealing details of your account to whoever answered your phone.

Sure, that wouldn't be a good idea either. I say I'll call them back. (Which can be a bit messy because you are put through to a call centre, but better than answering your security questions for some randomer)

Mrs OBumble

maxsmum wrote: »

If I called them, maybe.
What are the chances of them calling me and some imposter has managed to intercept my phone? is 'am I talking to Mary' not enough?

On a landline, hell no. It could be andeered by anyone.

Victor

maxsmum wrote: »

I couldn't. The number was a landline ending in 0000 and when I called it was the bank HQ, recorded menu etc. No idea who rang or from where.

Ask them who they are. Ask how you can get them by navigating the bank's telephone menu (other than via a particular extension number - this route can be used by scammers).

maxsmum wrote: »

They wanted me, so I'm not going chasing them.

Aren't you applying for a mortgage?

maxsmum wrote: »

If someone nicked my phone and managed to hear, shock, horror, that someone in the bank was looking for me to send them a copy of my payslip, I couldn't give a monkey's.

Payslip? You have a job? But I thought you couldn't work because of ______?

maxsmum wrote: »

2. I rang our TV provider today. I asked the guy how much it would be to add the movie channels to a TV package and gave the name of our particular package. He said do you have an account and I said yes. He insisted on the number of the account. I said I just want to know the price - out of curiosity. I gave him the account number. He said he could only discuss my query with the account holder, my husband. I said I didn't have a query about our account. I had a general query about their price list! The guy actually stayed mute and eventually whispered in a really nervous voice that he was really sorry but I would have to get my husband to call back. I laughed, hung up, called back and got someone else. I told them I didn't have an account, asked the very same query and got an immediate friendly reply.

The price for new customers may be different to that for existing customers.

Get the account holder to add you as an authorised person on the account.

dalta5billion

Regards bank calling you: it (unfortunately) is trivial for scammers to spoof a caller ID such that it appears your bank is ringing you.

If you've received a suspicious call on a mobile, you should ask what their extension/name is. Terminate the call, and look up the actual phone number of your bank online/on back of your card. Then ring that directly from your mobile and ask for the person/extension.

If you've received a call on a traditional landline, be extra vigilant: you can hang up, but the scammer might keep the line open, mimicking a dial tone, and playing your bank's recorded message when you try and dial your bank's number. It's best to look up your bank's number manually and ring it from your mobile instead.

AndrewJRenko

dalta5billion wrote: »

If you've received a suspicious call on a mobile, you should ask what their extension/name is. Terminate the call, and look up the actual phone number of your bank online/on back of your card. Then ring that directly from your mobile and ask for the person/extension.

I agree with what your trying to achieve, but most call centre staff, who would be the ones most likely to be doing outbound calls, don't have an extension number, and aren't based at the phone number of the bank, - they often work in a different organisation entirely, at an outsourced call centre.

Victor

AndrewJRenko wrote: »

I agree with what your trying to achieve, but most call centre staff

Staff doing new mortgages are probably staff and probably a few pay grades above call centres.

odyssey06

ohnonotgmail wrote: »

The first is standard practice by banks when they call you. They wont talk business until they can establish you are they person they want to talk to. Just because you answered the phone it doesn't mean you are the person that owns the phone.

It shouldn't be though should it? Just because you get a phone call claiming to be from a bank, it doesn't mean that it is that bank.

They can see that when setting their procedures for one side of the conversation, how can they not see that in the expected response of the person receiving the call?

ohnonotgmail

odyssey06 wrote: »

It shouldn't be though should it? Just because you get a phone call claiming to be from a bank, it doesn't mean that it is that bank.

They can see that when setting their procedures for one side of the conversation, how can they not see that in the expected response of the person receiving the call?

what do you propose they do?

odyssey06

ohnonotgmail wrote: »

what do you propose they do?

First thing is to stop initiating outbound conversations where they ask a customer to provide authentication details.

If they need to contact customer, it would have to be an email or text alert for the customer to then access a secure online mailbox to retrieve the message. Customer going through mortgage \ loan application uses mailbox.

Something similar could be done with a "request callback" giving a message ID code that routes the return call to the actual person in the bank from the bank's main call centre number.

Over the phone in realtime, you would probably need a password protected app. Bank gives input code, user enters password to unlock app and enters code. Bank gives result code code and user verifies codes matches the one produced by the app.