Telephone Identification (Was Re: Banking under Enduring Power of Attorney)

[Roland Perry]

In article 
<a2b6592c0904091104l4dbea5d9i50538b186a5f5490@mail.gmail.com>, Igor 
Mozolevsky <igor@hybrid-lab.co.uk> writes
>>>>> I've had a couple of these infuriating "catch 22" calls with service
>>>>> suppliers recently. I'm getting less tolerant and now require these
>>>>> folks to
>>>>> find a way to prove to me that they are who they say they are (if they
>>>>> initiated the contact).

>> The real pain is you ring them back and they only wanted to sell you
>> insurance :(
>
>Are the above two not more of a case of front line staff not receiving
>adequate DPA training?

It's because they've been too well trained - to follow a script and not 
deviate an inch. The problems arise because the scripts are too 
inflexible (or appear to want authentication in circumstances where it's 
not actually necessary - like the time all I wanted to ask was what the 
APR was on a special offer) and there aren't [enough] staff who are 
allowed discretion.

>And while we're on the subject, I found (through experience) that a
>frightening number of websites (as in, legitimate businesses) that
>require profiles ask the same security questions as the banks, etc. Do
>these people not realise that if everyone asks the same question, the
>answer is no longer secret/secure, especially given that the answers
>are most likely stored in cleartext?

It's like "toolbar syndrome". Everyone seems to think theirs is the only 
toolbar you ever want to add to your browser. But mine's too cluttered 
already.

But you don't have to give the real answers (unless they are one of the 
organisations using super-secret things like your birthday).
-- 
Roland Perry