Telephone Identification (Was Re: Banking under Enduring Power of
Attorney)
Igor Mozolevsky
ukcrypto at chiark.greenend.org.uk
Thu, 9 Apr 2009 19:04:22 +0100
2009/4/9 Pete Mitchell:
> Roland Perry wrote =C2=A0on 9-04-09 17:25:
>>
>> In article <a2b6592c0904090636y5af2604cm1a479f1c5b065e55@mail.gmail.com>=
,
>> Igor Mozolevsky <igor@hybrid-lab.co.uk> writes
>>>>
>>>> I've had a couple of these infuriating "catch 22" calls with service
>>>> suppliers recently. I'm getting less tolerant and now require these
>>>> folks to
>>>> find a way to prove to me that they are who they say they are (if they
>>>> initiated the contact).
>>>
>>> Just ask the caller for their name and say you'll call the company on
>>> a known phone number.
>>
>> I've done that too. It turned out that all they wanted was to let me kno=
w
>> they'd written to me in reply to a written complaint I'd made.
>
> The real pain is you ring them back and they only wanted to sell you
> insurance :(
Are the above two not more of a case of front line staff not receiving
adequate DPA training?
And while we're on the subject, I found (through experience) that a
frightening number of websites (as in, legitimate businesses) that
require profiles ask the same security questions as the banks, etc. Do
these people not realise that if everyone asks the same question, the
answer is no longer secret/secure, especially given that the answers
are most likely stored in cleartext?
--
Igor