I received a call from a national bank yesterday presumably trying to sell me something. Before the bank would tell me what it was they were trying to sell me, they asked me to confirm some personal details about myself. I challenged this as I have no way of knowing if the person I am talking to is an employee of the bank or a fraudster. The employee offered to give me her employee number, but this is of no value to me as I have nothing to reference it against.
Purely by coincidence, a little later I came across a campaign on the Web site of Privacy International calling on banks to act more responsibly in the face of an identity theft onslaught. It is difficult to keep up with the myriad of methods now employed by fraudsters to steal people’s ID information. Therefore, Privacy International believes that companies and government have a responsibility to verify their own identity before requiring customers to divulge such information, and sets out a security methodology for achieving this. See:
http://www.privacyinternational.org/article.shtml?cmd%5b347%5d=x-347-559750
I am not a fan of pressure groups or NGOs, but I think in the case of ID theft UK banks have a moral duty to protect us from ID thieves. The disruption of even debit card fraud is significant - I should know as I have been a victim.
It should be the banks, rather than PI, which should lead the fight against fraudsters. For example, despite receiving daily phishing emails from almost every high street bank in the UK, and despite having accounts with three of them, I have never once received a letter from the banks warning me not to respond to emails purporting to come from them.
An example of a responsible banking security practice was highlighted recently by an Indian delegate, whose bank, ICICI - the largest private sector bank in India - sends him an SMS message every time there is a transaction on his account.
Oh to have had the benefit of this facility from my bank when my own account was raided three times in as many days in 2006 by ID fraudsters!