Challenge and Response
As we are becoming more aware of the importance of data privacy, it strikes me as odd that organisations are not doing as much as they should to help protect us from the phishers and scammers that are only too happy to help us part with our data.
As more services are online focused, our day-to-day lives are plagued with a plethora of usernames, passwords and data breaches. Is it all becoming too much?
Think of the following everyday scenarios:
- Banking and Finance
Again, you are in a room of strangers; before dispensing your prescription, you are asked to confirm your full home address just after they have called your name.
I was contacted recently by my credit card company. My mobile rang, and a number I didn’t recognise was on the display.
“Hello, am I speaking to Mr. Smith?” asked the operator helpfully.
“I’m calling from the fraud department as we have detected some unusual activity on your account.”
“For security reasons can you confirm your Name, Address, Date of Birth, and Card Number please?”
Does this sound familiar? All this information is useful to a fraudster. So we have a chicken and egg situation. I cannot confirm the identity of the caller claiming to be from the bank. Therefore I’m not going to provide my details.
Again a phone call from an unverifiable number.
“Hello Mr. Smith, I’m calling on behalf of the hospital, for security reasons can you confirm your full name, date of birth and home address?”
Of course I can, but how do I know you are calling from the hospital? What piece of information can you give me to confirm you are who you say you are?
The list goes on: everything from Sky subscriptions to Internet suppliers to data going off-shore. Every day we are asked to reveal some of our most personal details.
Companies and people are too quick to hide behind the Data Protection Act, citing that the information is required for data protection purposes. Most of the time that is a nonsense. Take the mobile phone provider whose live chat internet service I had reason to use. All I wanted to do was enable Internet tethering on my mobile phone, but apparently they were unable to assist with my query unless they had a full name!
I could understand this if I wanted to discuss something about my account or make changes to billing. However, a simple tech query didn’t need a name, let alone the other 20 questions that required answering in the name of data protection.
We are all too quick to judge the companies that lose our data. But what are you doing to secure your information? We all know to shred our paperwork before disposing of it, but what about our PCs and hard drives? How many of us encrypt the information held on our computers? Do we happily sing our details in public?
Companies should be doing more to safeguard us from fraudulent calls. At the minimum they should have a challenge-response phrase, so we can identify the genuine companies and people we subscribe to, rather than rely on trust and blind faith.
What are your thoughts? Agree or disagree, I would love to know!