# Bank asks for personal details by phone - security risk?



## selfassessed (10 Jun 2014)

I just got a "no caller id" call on my mobile from a gentlemen from Danske Bank.  He said "hello I,m calling about your mortgage, can I confirm I am speaking to [name]" so I said yes you are and then he asked "can I ask you to confirm your date of birth and home address?".  I refused and wouldn't continue the call.

Is this reasonable?  It seems to me to be a security risk to give this information out to a cold caller.  I'm sure the call was genuine and he subsequently sent me the query by email from a danske bank email address.  But my name and mobile number are in the public domain - anybody could have that info.  

If Danske have an expectation that their customers give out the very data that they use to verify customers, such as data of birth, to random callers with caller id withheld, then are Danske not setting themselves up to be scammed?

Just checking my thinking.  Your thoughts are welcome.


----------



## Gerry Canning (10 Jun 2014)

Self-assessed; 

Before any Bank can move on to discuss why they are ringing , they must ensure as best they can that THEY are talking with the account holder.Date of birth and current address seems to suffice.
I 100% agree with you to never give any details to a cold caller.
It amazes me how so many people on cold calls give out their info before veryfying the caller. Common courtesy is for any caller to ID themselves first.If that creates a problem for the caller , so be it, they can always write.
Danske are not setting themselves up to be scammed but the person receiving the call could inadvertently give wrong info to a scammer. If they do, it is their problem not Danskes.
To anyone; 
Are these private calls to tell you you won the Lotto ?
or are these calls solely for the callers convenience?


----------



## selfassessed (10 Jun 2014)

Gerry Canning said:


> Are these private calls to tell you you won the Lotto ?
> or are these calls solely for the callers convenience?



But a clever scammer will slowly build a false identify one piece at a time.  One phone call just to let you know they will be soon offering cheap home insurance and can they have your DOB to confirm.  Next phone call to get some other piece of data.  Then they call your bank with all your personal data to hand and transfer the contents of your current account to a bank in Nigeria.  Not all calls start off with you've won the lotto.

If Danske expect their customers to give personal info out to a cold caller with a number withheld if the calls seems genuine and seems to be calling for the callers convenience then I think they have a problem brewing.

I get lots of emails and phone calls that seem genuine at first glance.


----------



## Gerry Canning (10 Jun 2014)

selfassessed said:


> But a clever scammer will slowly build a false identify one piece at a time. One phone call just to let you know they will be soon offering cheap home insurance and can they have your DOB to confirm. Next phone call to get some other piece of data. Then they call your bank with all your personal data to hand and transfer the contents of your current account to a bank in Nigeria. Not all calls start off with you've won the lotto.
> 
> If Danske expect their customers to give personal info out to a cold caller with a number withheld if the calls seems genuine and seems to be calling for the callers convenience then I think they have a problem brewing.
> 
> ...


I was being glib and used an extreme example. 
What I strongly meant is that in no circumstance should anyone give info to unknown calls.
I take your point too that Danske could inadvertently be giving a semblance of credibility to this way of doing business, and that may mean they too can get scammed.


----------



## RainyDay (10 Jun 2014)

You're right to refuse. I refused Danske's credit card dept some time back, and was told I could call the number on the card instead.


----------



## dub_nerd (10 Jun 2014)

I don't give out personal information to unsolicited callers, no exceptions. It's a bit embarrassing when the person at the other sounds (and quite likely is) genuine. But it's silly for banks etc. to be doing this, and I don't encourage it. I usually apologise to the caller if they sound genuine and just say "sorry I don't give out personal information to unsolicited callers under any circumstances, I'm sure you understand -- could you please contact me by another route".


----------



## JohnJay (10 Jun 2014)

an easy way to solve this.
Give them the wrong details first time. If they are genuine, they will tell you that your details are wrong and will give you a chance to correct. If they are a scammer, they will note your "wrong" details and carry on!


----------



## LDFerguson (10 Jun 2014)

I'd also refuse.  I'd ask which Danske office they're ringing from and what the number is.  I'd then ring them back, having first checked on the web that the number is indeed Danske.  

If, as sometimes happens with call-centre set-ups, it's not possible to ring the person back then I'd ask them to write to me, without giving them my address - they'd already have that.


----------



## Knuttell (10 Jun 2014)

I usually hang up on them,on one occasion I volunteered to give the second and sixth number of my DOB but the bank rep told me that this was not enough,I laughed at him and hung up.
At the very least they should not be ringing from a withheld number.Regardless though I am not discussing anything with some random caller looking for personal information from me.


----------



## MrEarl (10 Jun 2014)

RainyDay said:


> You're right to refuse. I refused Danske's credit card dept some time back, and was told I could call the number on the card instead.



The only problem there is, you get caught having to pay for the phonecall, even though they are the ones wanting to speak with you - not you with them  

I agree 100% with the sentiment here needless to say, under no circumstances will I give my personal details when someone calls me and then wants to confirm I am the person they are looking for.  They have my number on file, they phone it and ask is it me - I say yes, thats it.  Anything more and I refuse ....

If they really want to convey a message and are not happy to proceed,  then they also have my email address, or my postal address and can use an alternative method of communication.  Actually, the perfect solution would be to send me a secure message via their internet banking


----------



## RainyDay (10 Jun 2014)

MrEarl said:


> The only problem there is, you get caught having to pay for the phonecall, even though they are the ones wanting to speak with you - not you with them


In fairness to Danske, it was in my interests to talk to them on that occasion, as there were fraudulent transactions on my Visa card.


----------



## DingDing (10 Jun 2014)

I asked them to confirm some of my details but they could not under data protection.


----------



## serotoninsid (11 Jun 2014)

I've had this out with both Vodafone and Ulster Bank in the past.  It's absolutely ludicrous.  They ask for sensitive data but call from withheld numbers!  In each case, I told them I wouldn't give such info to someone calling from a withheld number.


----------



## Jim2007 (11 Jun 2014)

selfassessed said:


> But a clever scammer will slowly build a false identify one piece at a time.  One phone call just to let you know they will be soon offering cheap home insurance and can they have your DOB to confirm.  Next phone call to get some other piece of data.  Then they call your bank with all your personal data to hand and transfer the contents of your current account to a bank in Nigeria.  Not all calls start off with you've won the lotto.
> 
> If Danske expect their customers to give personal info out to a cold caller with a number withheld if the calls seems genuine and seems to be calling for the callers convenience then I think they have a problem brewing.
> 
> I get lots of emails and phone calls that seem genuine at first glance.



Well first of all from what you have said, he was not asking you for details, he was asking you to confirm details he already had, which is normal practice when a bank or other financial institution contacts you by phone...

Secondly even if someone had these details, it would not be possible to transfer the contents of your account to Nigeria or anywhere else for that matter without going through the usual security check and in addition to that it would get flagged as an unusual transaction and they'd try to contact you by phone to confirm it...  On the other hand, if you are not answering the phone to them it might well get processed based on the fact that transactions must be executed within a certain time frame and they have no other instructions from you.

So no I don't think it is the smartest of ideas to refuse to speak to a bank on phone in this manner...


----------



## Jim2007 (11 Jun 2014)

RainyDay said:


> In fairness to Danske, it was in my interests to talk to them on that occasion, as there were fraudulent transactions on my Visa card.



Exactly and since there are processing rules in place with which the banks must comply (or loose their licence) things could very well in up getting processed because the bank has no instructions to do otherwise from you.

Of course you have to be careful, but point blank refusing to communicate with the bank when they call you is not smart.


----------



## selfassessed (11 Jun 2014)

Jim2007 said:


> Well first of all from what you have said, he was not asking you for details, he was asking you to confirm details he already had, which is normal practice when a bank or other financial institution contacts you by phone...



He asked me for the details.  He did not say can I check is your DOB x/y/z.  So it is impossible to tell if caller is genuine and really has the info already and needs to confirm it or he does not have any info and is fishing.  The only way to find out would be to give them false info and see how they react.  Which is a bit silly isn't it.


----------



## selfassessed (11 Jun 2014)

Jim2007 said:


> Of course you have to be careful, but point blank refusing to communicate with the bank when they call you is not smart.



Complying with procedures that put you at risk is even less smart.

I didn't refuse to deal with them - I insisted we make contact by other means.  Seems most other people do likewise.


----------



## Clamball (11 Jun 2014)

I think it is madness the way they ask you to confirm your identity and dob, address etc when they initiate the phone call.

I have gotten several calls in the past where I was asked to confirm if I was Clamball.  I normally inquire "Where are you calling from?" and they reply "I cannot give out that information until you confirm your identity" so if they won't even say what institute they are phoning from I just say "Well I know who I am, but I don't know who you are" and hang up.  If it is urgent they will try to contact me some other way.

When there was evidence of illegal activity on my credit/debit card the bank identified themselves immediately and I was able to google a number and phone them back before I would confirm my identity.  I was happy & the bank were happy to wait for me to ring them back.


----------



## Time (13 Jun 2014)

I would certainly not confirm any personal details in the manner that certain organisations would like you to. 

I has my phone set up to reject all private numbers automatically. It works well for me. Any genuine caller will make contact by alternative means.


----------



## dub_nerd (13 Jun 2014)

Time said:


> I would certainly not confirm any personal details in the manner that certain organisations would like you to.
> 
> I has my phone set up to reject all private numbers automatically. It works well for me. Any genuine caller will make contact by alternative means.


 
Thank you so much. I didn't realise this was possible. I just checked my phone and it has that feature. I've been getting pointless unsolicited and unwanted calls from some customer liaison person in a bank who never leaves a message and keeps ringing until the phone is answered. Now they will just go straight to voicemail forever.


----------



## serotoninsid (13 Jun 2014)

dub_nerd said:


> Thank you so much. I didn't realise this was possible. I just checked my phone and it has that feature. I've been getting pointless unsolicited and unwanted calls from some customer liaison person in a bank who never leaves a message and keeps ringing until the phone is answered. Now they will just go straight to voicemail forever.


Didn't realise this was an option.  Any idea where to navigate on android to select this option?  

Does it confirm to the caller the reason their call has been rejected?


----------



## LDFerguson (13 Jun 2014)

serotoninsid said:


> Didn't realise this was an option.  Any idea where to navigate on android to select this option?
> 
> Does it confirm to the caller the reason their call has been rejected?



I've a Samsung Galaxy.

Call Settings >> Call rejection >> Auto reject list

I was playing with it and temporarily blocked my own landline as a test.  When I then rang from the landline, it went straight to voice-mail.  Although the phone didn't ring, it did appear as a missed call.


----------



## Time (13 Jun 2014)

I use a free app called Blacklist Plus. It does not show blocked calls as missed calls.


----------



## serotoninsid (13 Jun 2014)

Thanks to you both - will give those a try.
I have one solitary contact that calls me from a skype number - which shows up as "private number".  Asking the obvious I'd imagine but presumably, there's no way of allowing this one and blocking all other private numbers?


----------



## Time (13 Jun 2014)

Nope sadly.


----------

