The Catch-22 of Data Protection

The current crisis that is COVID-19 has brought into stark reality the impact of some of the significant changes that are now being put in place. One currently unsolvable issue that is causing concern for those of us in the security arena is that of telephone-only conversations, especially the calls we receive rather than make.

I recently had a call purporting to be from my business bank; the caller was very pleasant and asked me about some recent information that I had submitted to them. To be fair, I am quite confident it really was the bank calling, but I wanted to be absolutely sure. She said she needed some updated information for my business profile, which I said I was of course happy to give her. She said she would just have to go through some security questions to confirm who she was talking to before we could proceed.

I agreed, provided that she could tell me something about my account, or my business, that only the Bank would know, to confirm that she really was calling from my bank. She said the Bank had recently sent me a letter, so I could check that the number on the letter was the one she was calling from, as this would confirm who she was. I pointed out that caller IDs can very easily be spoofed to show a different number from the one actually placing the call. This took her rather aback, as she had not known this was possible, and she asked if it was true. I told her we at TMB do it all the time for customers who want to appear as though they are in the office when they are actually elsewhere (it's happening a lot with the current crop of home workers who do not want their private numbers to be displayed when they call clients).

So I checked the letter from the bank and called the number shown for assistance, only to be greeted by a pre-recorded message stating that, due to the COVID-19 situation, the number would not be accepting incoming calls and was being used for outgoing calls only; if I wished, however, I could leave a message for the bank to call back, which I did.

An hour or so later I got a call from the bank asking me to just go through security again, which I politely declined, stating my previous concerns. The caller was very understanding but insisted the only way she would discuss my account was if I provided her with security answers, which of course I could not until they had confirmed to my satisfaction they were who they purported to be. She refused point blank to provide me with anything at all linking me to my business account, stating she had no access to any of my information and would not have until I provided the security answers.

So this of course is the classic Catch-22 situation: I receive a cold call from somebody saying they are calling from my bank, insisting that I answer personal security questions before I can ascertain exactly who they are, yet they will not divulge any information to me to prove their identity.

So what is the answer?

Quite simple, really. All the banks, building societies etc. need to do is exactly what they have done for their mobile banking apps: allow each user to set a safe 'code word' that they can create on their banking app, online or at the branch, so that the customer can be more certain that it actually IS the bank calling them. It should not be hard to do. Currently, however, there seems to be no way to do that, because, in a genuinely funny moment, when I suggested that solution to the caller, she agreed it was a good idea and casually asked what my code word should be, so she could pass it on.

She obviously hadn't grasped the concept of security as fully as I would have wished...
