Do NOT ask me for personal details when calling me

Here’s an example of a phone call I receive every now and then:

Ring Ring

Hello?
Hi, may I speak to Mansour please?
Speaking.
I’m calling from [organization] regarding [reason for call].
Sure.
Before continuing, I need to confirm your identity. Can you please state your full name, date of birth and address?

At this point, I’m wondering if the company has a picture of a donkey on my file, seeing that I’m being treated like an idiot. Only an idiot would just give out personal details without being 100% sure who the entity on the other end is. And guess what, the only way to be sure that it’s your bank you’re talking to, is to call them yourself. Period.

Some callers tell you details of your account as a way of identifying themselves. Ridiculous. You know why? Because it’s ridiculous. Anyone can get hold of such details. In fact, if I hear the caller telling me personal details about myself, I hang up even faster. A good analogy is if I asked you for the second half of your password, having told you I knew the first half.

So listen up St. George Bank, GE Money, Debit Success and any other organization that call their customers: don’t call me (or anyone) up and ask for personal details. Just don’t do it. I’m not giving them to you. Not only you’re insulting me (see above) but you’re also portraying yourself as incompetent and inexperienced in implementing security conscious practices. And you, being the giant entities you are, ought to do better.

Here’s how you should do it:

Call the customer and give them a reference/ticket number and ask them to call you back quoting that number.

That’s it! And don’t give the customer the callback number either, that defeats the whole purpose. State the name of your organization/company and that alone. It takes a 10 second google search to find contact numbers. In case yours cannot be found in 10 seconds, you’re doing something wrong. You need to put your primary contact number on the homepage of your website in bold and somewhere obvious, not burying it in the Contact us page, link of which itself is buried further down at the bottom of the page, waiting for Captain Cook to discover it.

And if the customer doesn’t have access to the Internet or isn’t computer literate, including the contact number on the back of all bank issued debit/credit cards should mostly solve the problem. Banks do already print their phone numbers on their cards, so they could just add a new option to their automated voice system for callback calls.

Also note that the bank still needs to verify the customer’s identity when they call back but at least the customer is now comfortable in helping the bank do that.

Just Don’t Do It

Do not call your customers asking for personal details

Some alternative methods proposed by HN readers and comments here: