“Mr. Calder, it’s your bank calling.”
“Yes?” I answer, cautiously, wondering what I’ve done wrong – or what has been done to me.
“For security, can I please ask for your telephone banking password?”
My mouth opens: “3..b (for bravo)…9…” and then my brain clicks in. “Why do you want to know?”
“So we know who you are, to protect you, sir.”
“Yes, but I know who I am, and you rang me – how do I know who you are?”
The call doesn’t last much longer; the “bank” offers to call me back “at a more convenient time”, by which it presumably means sometime when my brain won’t click in.
The number of “phishing” frauds that are initiated by telephone will increase over the months ahead; while they are more costly for criminals than the online version, the innocent bank customer is more likely to respond to the immediacy of a real human voice, particularly if a plausible excuse like “we want to confirm that some large transactions on your account today are genuine” is offered. Give the caller your telephone banking password (or the three digits on the reverse of your credit card) and you really can expect some large transactions to take place, probably within minutes – and, as the fraudsters are outside the UK, they’re unlikely to be caught.
As things stand, your bank is likely to foot the bill for your indiscretion. Once upon a time, this was called a “moral hazard”: if you do not personally pay the price for making a bad choice, you can go on making bad choices until….
Of course, in order to reduce their exposure, banks will increase the controls on normal people; it is already difficult to transact anything but minor business online and there are days when individual internet banking sites are not fully operative – all this, ostensibly, to protect their customers against themselves. Wouldn’t it be more helpful to more people if banks refused to compensate the victims of “phishing” fraud, thereby encouraging everyone to pay proper attention to their own financial affairs, while allowing the vigilant to continue about their everday affairs unhindered? Or does the nanny-state mentality have to pervade the internet as well?