Skip to content
BOL Conferences Top Gun 23
Thread Options Tools
#4072 - 08/28/01 03:23 PM Pretext Calling Offline
New Poster
Joined: Aug 2001
Posts: 3
Lebanon Oh
I'm am writing the pretext calling policy & procedures and am looking for any input that anyone has. What do you require a customer to verify before call center personnel gives out info. Currently we require they give us the account number and then verify date or amount of last deposit.

Return to Top
General Discussion
#4073 - 08/28/01 06:16 PM Re: Pretext Calling
cboynefirstgabank Offline
100 Club
Joined: Apr 2001
Posts: 147
brunswick ga usa
We require date of birth, date and amount of last deposit and work phone if one is available.

Return to Top
#4074 - 08/28/01 08:47 PM Re: Pretext Calling
SLC Offline
100 Club
Joined: Feb 2001
Posts: 185
FYI - I just got a new American Express card yesterday. When I called to activate it via touchtone phone, I was given the following prompts:

-Enter a 4 digit PIN (message seemed to indicate that this would be for ID purposes and not for ATM)
-Enter last 4 digits of SSN
-Enter mo/day of mother's birthday

Return to Top
#4075 - 08/30/01 10:02 PM Re: Pretext Calling
matthewcompliance Offline
Joined: Jul 2001
Posts: 59
None of these represents a truly secure solution.

I would recommend you look at the new training materials being offered by BankersEdge.

True solutions are really hard to find but SSN's and dates and amounts of last deposit are to easy.

We have been testing Bank security for months offering no charge if we can't break in, if I had a dollar for every banker who has told me yes it's a problem but not at this bank or this branch I'd be rich.

You need systems AND you need to test them rigorously. We use are methods as training tools, not to beat people over the head.

Please understand ID theft is a business, the people who do it and make pretext calls to your bank are very good at what they do or they wouldn't still be making a living.

Please feel free to call if you want to know how good your systems are, the offer remains, no break in, no charge.

Matthew Read
Compliance Officers Association, Privacy Officers Association, AACFE,MICM,SHRM.

Return to Top
#4076 - 08/31/01 01:31 PM Re: Pretext Calling
Elwood P. Dowd Offline
10K Club
Elwood P. Dowd
Joined: Aug 2001
Posts: 21,939
Next to Harvey
Any verbal identifier has inherent weaknesses. If they are still your best option, consider asking new customers for the "county" of their birth. Unlike some common verifiers, the person who finds a lost checkbook will not have it at his disposal and it is a bit more imaginative and unavailable than "mother's maiden name." Caller ID can also be a valuable tool for your end of the conversation.
In this world you must be oh so smart or oh so pleasant. Well, for years I was smart. I recommend pleasant.

Return to Top
#4077 - 08/31/01 08:59 PM Re: Pretext Calling Offline
New Poster
Joined: Aug 2001
Posts: 3
Lebanon Oh
I just got back from a seminar that said Date and/or Amount of last deposit isn't good enough for the reason stated by Ken/Pegasus. They are suggesting asking a question (like what is done on the Internet) such as "What elementary school did you attend?" or "What is your Grandmothers maiden name?" Unfortunately, our system doesn't have a place for this information and you would have to get that information for all signers.

Return to Top
#4078 - 09/01/01 12:21 AM Re: Pretext Calling
Princess Romeo Offline

Power Poster
Princess Romeo
Joined: Jun 2001
Posts: 8,272
Where the heart is
I was actually thinking of having customers give us a Code Word (Could be a Pet's name, a child's name, a favorite color or ice cream flavor, whatever) to put on their account.

Problem is - where to put this "Code Word" on the system to verify when the customer calls. And what happens if the customer forgets their "Code Word." And what is to prevent an employee from finding out Code Words and then quitting the Bank?

Second problem - how do you retroactivly assign Code Words for existing customers?

Face it - this whole issue is a double-edged sword that will cut deeply both ways. You cannot have perfect security without seriously inconveniencing almost all of your customers... (I'm sorry - you'll have to come into the branch for a Retina Scan before I can tell you your balance....), and whatever security procedures you DO put in place - there is a criminal out there that has already figured out how to circumvent it.

Regulations are a poor substitute for ethics.
Just sayin'

Return to Top
#4079 - 09/05/01 04:07 AM Re: Pretext Calling
La. Lady Offline
Diamond Poster
La. Lady
Joined: May 2001
Posts: 1,873
For what its worth!

Just recently, I read and heard about code names. These are very good, however, they should not be anything "associated" with the individual. Those become very easy for "people in the business". A suggestion was to look up a word in the dictionary.

That word could be varied. They also suggested that if the word needed to be changed, vary it rather than a complete change. An example was to use the word with a number following it....

Riding the waves of change.....2014

Return to Top
#4080 - 09/05/01 09:02 PM Re: Pretext Calling
Dolly Nugent Offline
Diamond Poster
Dolly Nugent
Joined: Nov 2000
Posts: 1,820
Southern California
In response to using the county of birth. Heck, I don't even know that! I would have to look at my birth certificate. I also believe that a pretext caller will go and look up this information when they discover it is needed to gain information from a certain bank. Same is true of elementary school, grandmother's maiden name or anything else that a savy research expert could find.

I agree that what ever we do, it will be an inconvenience to our customers. We are ITI users and it is my understanding that they will doing an enhancement that will allow us to enter a question that the customer wants to use to be identified and the answer. As a previous poster said, this is not a big deal when you are opening new accounts. But it will be an incredible amount of work to enter this information for our entire customer base.

Privacy is indeed the nightmare that will never end!

Dolly Nugent
VP/Compliance & CRA Officer
Citizens Business Bank

Dolly Nugent
Opinions expressed are my own.

Return to Top
#4081 - 09/06/01 01:18 PM Re: Pretext Calling
HallieK Offline
Gold Star
Joined: Jul 2001
Posts: 369
I don't know how much help it will be, but we have also been addressing this problem. It would be impossible to let the customer set a password for their accounts, simply because you would never get all of them to do so, not to mention the time and energy to imput this information into your system. We decided to use the Customer Information Number (CIF#) on our data systems. This number is assigned by our system when a customer is added. This number is already on the system and unique to the customer. We then used our data system to print cards with this number on them, which we would mail to the customer along with a letter explaining what this number was for and why. It saved having to rely on our customers to give us information to use, or using information that could be known by others such as SS#.

Return to Top
#4082 - 09/09/01 05:06 PM Re: Pretext Calling
Lucy Griffin Offline

Diamond Poster
Lucy Griffin
Joined: Nov 2000
Posts: 1,544
I use a code word whenever possible. I came upon it by chance, it makes sense to me, but anyone else would have to do some very deep and devious research to come up with it. I use it consistently because I tend to forget what password I used for which server. This way, I can remember easily. My only concern is that, because I use it so consistently, some hacker might be able to figure it out and then use it in other places. There really is no perfect solution.

Return to Top