Posted by Polonius on 9 November, 2006
The following is the text of a letter I emailed to the Grauniad two days ago. I guess they’re not going to publish it.
In today’s article “Online bank fraud up by 55%”, you tell of phishing
scams in which fraudsters, posing as banks, email people asking for
security information. These scams gain significant credibility from the
fact that banks themselves persist in phoning customers and asking for
I would like to think that the banks do this out of sheer stupidity, but I
fear they are more cynical than that. By encouraging customers to give out
this information to anyone who asks for it, the banks reinforce the idea
that, if the information ever gets into the wrong hands, it must have been
the customer who was responsible.
Surely it is not beyond the wit of banks to devise a scheme whereby both
caller and recipient can be assured of the other’s identity? But the
caller has the advantage, and must provide the evidence first.