I got a call from my bank claiming that they're discontinuing physical credit card statements and asking for my email to send statements via email. Then they proceeded to also ask for my date of birth and home address to "verify details" after making the unsolicited call. It felt off but the call came from within the bank. When I said I don't want to give the information over this call, they implied that I'll be inconveniencing myself and will have to go to a physical branch to verify my details and be able to receive credit card statements via email.<p>If the bank is actually initiating this, they shouldn’t be asking for personal info like DoB or home address over unsolicited calls. To the person receiving the call, it sounds like a phishing or social engineering attempt.<p>My assumption is that the bank's process is flawed and this wasn't a phishing attack. Can anyone recommend what best practices banks can follow to ensure safety for both customers and banks in such cases?
For info exchanges like this, you should always insist on calling them back at a number listed on their card or website.<p>If they cannot do that then it's a scam or you should change banks.
I treat all unsolicited calls asking for personal information as scams.<p>Scammers can spoof calling numbers to make it look like it came from your bank. Basically everything they say on the call should be treated as being fraudulent. The scripts have been tailored to use a variety of psychological tricks to fool you.
A bank will never call you regarding this. They will send you a letter asking you to call them. In my case, when the bank wants to get in contact with me, they send me a message through their online banking app.
Banks do not do this. It sounds like a phishing attempt because it is.<p>Imagine the cost of calling every single client individually. If something like this would change, they would send a letter.<p>Don't forget that spoofing caller ID of telephone numbers is possible.
Here's what's on the Patelco site. It's good advice. Since the contact numbers are theirs, just go to the home page of your bank and look for info on phishing and Financial Institution Spoofing.<p>Their contact info should be easy to find.<p><a href="https://www.patelco.org/financial-wellness/fraud-center/financial-institution-spoofing" rel="nofollow">https://www.patelco.org/financial-wellness/fraud-center/fina...</a><p>Biggest take-away:<p>3. Don’t share your personal information when you didn’t initiate the conversation<p>Whether by text, email, or phone, WE will never call you for personal information like:<p><pre><code> • Your online banking password
• One-time Passcodes for transactions, registrations, or logins
• Your card PIN, security code, or full card number
</code></pre>
We may call you to verify something, but we won’t ask you for the information above unless you initiate the conversation or request we contact you.
The only time I saw this handled correctly, and I forget the company now, worked like this:<p>They would call you and then want to verify themselves to you. You would be asked to open the company's app. The app noticed you were in a support call and had a link at the top taking you to the support section of the app. The caller would then read you a code you would type in and it would let you know if the call was legit.
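The caller-verification flow described in the comment above, sketched as an added example; it is not part of the original thread and not any bank's actual code. The class name, the 120-second lifetime and the 6-digit HMAC-derived code are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 120  # seconds a read-out code stays valid (assumed value)


class CallVerifier:
    """Hypothetical bank-side service used by the agent console and the customer app."""

    def __init__(self, clock=time.time):
        self._key = secrets.token_bytes(32)  # server-side secret, never sent to agent or app
        self._calls = {}                     # customer_id -> {"id", "started", "used"}
        self._clock = clock

    def start_call(self, customer_id):
        """Agent console registers an outbound call and gets the code to read out."""
        call_id = secrets.token_hex(8)
        self._calls[customer_id] = {"id": call_id, "started": self._clock(), "used": False}
        return self._code(customer_id, call_id)

    def _code(self, customer_id, call_id):
        # Code is bound to this customer and this call, so it cannot be replayed elsewhere.
        msg = f"{customer_id}|{call_id}".encode()
        mac = hmac.new(self._key, msg, hashlib.sha256).digest()
        return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"

    def has_active_call(self, customer_id):
        """The logged-in app polls this to decide whether to show the 'verify caller' link."""
        call = self._calls.get(customer_id)
        if call is None or call["used"]:
            return False
        return self._clock() - call["started"] <= CODE_TTL

    def verify(self, customer_id, typed_code):
        """The app submits the code the caller read out; the customer discloses nothing."""
        if not self.has_active_call(customer_id):
            return False  # no registered call: a spoofed caller ID cannot create one
        call = self._calls[customer_id]
        ok = hmac.compare_digest(self._code(customer_id, call["id"]), typed_code)
        if ok:
            call["used"] = True  # single use: a code overheard later is worthless
        return ok


if __name__ == "__main__":
    bank = CallVerifier()
    code = bank.start_call("cust-1")               # constructed customer id
    print("agent reads out:", code)
    print("app says legit:", bank.verify("cust-1", code))
```

The direction of proof is the point: the bank authenticates itself inside a channel the customer opened (the app), and nothing the customer knows is spoken on the call.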
I had an incident with a debt collector once (UK). They called me saying I had some pending parking tickets to pay and asked for my address, DoB, etc. to confirm it was me. I refused and asked them to tell me the details they had; they refused.<p>This kept going on for about a year, the legal limit they can chase a debt, so at that point they gave in and shared the details and, as it happens, it wasn’t me. I don’t even own a car, which I mentioned multiple times.<p>Anyway, I’d never share my details over the phone if I’m not fairly certain who’s on the other side. This company was legit but had very suspicious tactics.
Banks won't make the effort to call people. They would send out a letter that they will change it and if you don't want it changed you have x days to contact them.
> Can anyone recommend what best practices banks can follow to ensure safety for both customers and banks in such cases?<p>You should never entertain any telephone interaction with your bank or any other organization, unless it was you who called them first. Just hang up. You can call them on their officially listed phone number when it suits you, or visit in person.
Tell them you don't have a computer or an email address. Say you prefer receiving mailed statements, and have no interest in saving them less than a dollar each month, but they're free to close the account if that's important to them.
My bank's phone app (in Finland) has a feature to authenticate a call from the bank.<p>(I've only actually used it once - a couple of years ago - so I'm sorry, I can't recall how it worked or what exactly the authentication procedure was.)
Banks will never do this.<p>You should always verify with an app or by calling back.<p>Even with the apps, you might want to randomize the service worker in case of an insider criminal.