incite a riot
not really

Security checks

September 25, 2007   

I just got a call from somewhere this morning. Now, I say “somewhere” because when it’s not someone I know, I don’t have a way of verifying their information and confirming that they are in fact who they claim to be. This is how the conversation went. My thoughts are in italics:

Recorded voice on the phone (RVoP): This is [name of credit card issuer] calling about suspicious account activity on your account. If your name is [mangled name], please press “1”.

Me: ruh oh *presses “1”*

RVoP: To confirm your identity, please input your five-digit zip code of your billing address.

Me: Uh… I don’t know if I should, but I bet this is the charge for the tv that we got on Sunday, and I don’t want it to get denied… *presses zip code*

RVoP: On September 25th, 2007, your [credit card company] [card type] was charged with [small amount – around the cost of an average take-out lunch] by [strange sounding computer-related company name that I don’t recognize]. If you or an authorized user made this charge, please press “1”. If not, please press “2”. Press “*” to hear this message again.

Me: Who da wadda? That’s not what I was expecting! *presses “*”*

Rinse. Repeat twice out of uncertainty.

Me: Uh… Is this from Seppo making the music purchase this morning? Is this the hold charge for the tv we just got? That company name doesn’t sound right though… I don’t know! *presses “2”*

Hold music.

Human voice: Is this [differently mangled version of my name]?

Me: Thank goodness this didn’t auto-dispute the charge since it might be a real charge. Hi, yes, that’s me.

HV: Can you verify your identity by giving me your password?

Me: What? No. You called me. I have always learned that if I call you, I can give you my password, but I can’t give my password if you call me.

HV: What I’m asking for is your password, so we can confirm your identity.

Me: Yes, I know what you are asking, but I have no way to confirm that you are who you say you are. I don’t want to give out my personal information to strangers that call me on the phone.

HV: I am with [credit card company] and am trying to verify your information.

Me: But I can’t confirm your information. You say you are with [credit card company], but you can’t confirm for me that’s true.

HV: Yes, I am confirming that I am with [credit card company].

Me: *waits, expecting HV to tell me something that will confirm his assertion. gradually realizes that that statement was it.* Sorry, I can’t give out my information.

HV: You can call our number on the back of your card, or I can give you a direct number to call back.

Me: Are you kidding me? I will call the number on the back of the card, but there is no way I’ll call the number he gives me. It’s not like I don’t believe this guy, but I’m still not willing to give out my info and can’t believe the horrible idea of security the company has. That is fine with me. I will do that. So when I call back, I should ask about a charge from today by [name of computer-y company that I didn’t recognize when the voice first told me]?

HV: I cannot share any information with you without confirming your identity.

Me: No, wait. The automated voice message already told me this. I was just trying to be clear about what they said. I mean, you called me at my personal number and got my zip code information already.

HV: I’m sorry, I cannot share any information with you without confirming your identity.

Me: This is ridiculous. Ok, thanks. Bye.

WTF?

I’m about to call now. That is some inconsistent security policy they have. No one should have to give personal information out when they are the ones that called your personal number that appears on the account. On the other hand, they shouldn’t tell you anything without getting your verifying information, when you are the initiator of the call. WTF.

ETA: Ok, it turned out to just be a shirt Seppo ordered, which I knew about. I spoke to the person on the phone and explained what had happened in the previous call and he agreed that I should not give out my personal information to calls that I receive. He seemed to believe it was a different department but I am sure he’s not allowed to say anything bad. I basically just wanted confirmation that that’s not their security policy.

4 Comments
Andre Alforque
September 25, 2007 at 12:51 pm

How very odd. Whenever I get calls from CCC, it’s a human person confirming a suspicious charge — no exchange of personal information at all. I wonder what happens if I say it’s not my charge… whether they go into the whole “gimme your password” ordeal, or if they instruct me to call the number on the back of my card? Thankfully, I’ve never had to go that far.

h
September 25, 2007 at 3:37 pm

That’s horrible! I’m glad the second person agreed with you. :/

Alan
September 25, 2007 at 4:56 pm

This happens to me all the time (Citibank Mastercard, fwiw). I’ll go out shopping and make, say, 3 purchases in 3 hours. Within 2 minutes after the last purchase my cell rings and I get an automated message giving me the same rigmarole they gave you:

incomprehensible company names that don’t match with where you actually purchased from, and they want the last 5 purchases. Of course I only recall the last few and I’m interested to know what the others are as well in case there is a problem but the system gives you no option and you don’t want to go through the “I won’t give you my personal info”/call back that you did, but you don’t want to have a valid charge disputed and all that goes with it.

Ugh, convenience has its downsides.

hapacheese
September 28, 2007 at 11:58 am

Good job at keeping a level head 🙂 I got a call one time from a debt collector looking for my dad (back when he was in debt) and they wanted his contact information and whatnot. I was half asleep (it was like 7am on a Saturday morning) and told them I would, but didn’t have it on me, so I jotted down their email address and was going to send it to them. Then realized what just happened, so I sent them an email asking for some sort of verification that they were who they said they were, and never heard back =\
