Is telephone banking safe?

julia kukiewicz
By Julia Kukiewicz

telephone banking

There's something about banking by phone that feels a little insecure, probably because we're always being told not to give out our personal details over the phone.

Gratifyingly, this isn't just me. 46% of respondents to a January 2013 survey by Avaya said they suspected high level breaches of security at financial institutions and half of those were most suspicious of call centres.

But are we just being paranoid?

Is telephone banking safe?

To find out, I took a look into the figures.

At first glance, they seem pretty encouraging.

CIFAS, the UK's fraud prevention service and top purveyor of fraud statistics, found just 539 cases of staff fraud within 240 organisations in 2012.

539: that's not very many considering the thousands of calls and other customer interactions big companies have every week and compared with the overall fraud rate of over 200,000 cases a year.

However, this figure is a little misleading for a few reasons.

First, as Richard Hurley from CIFAS pointed out to us, that staff fraud report can only record instances of fraud uncovered by the companies.

In many cases of identity fraud, the criminal is never found and, therefore, there's no way to know where they got the details they're using.

Second, the report points out that organisations that are not wise enough to internal fraud to participate in the study may have the highest fraud levels: "Unfortunately, [in the case of] many organisations who do not participate... internal fraudsters are more likely to go undetected, and unchallenged when caught."

When it's not you calling

Similarly, those figures don't account for the cases where the risk is on the consumer side of the phone.

Financial Fraud Action UK figures from this month, October 2013, show that losses from this type of telephone banking fraud fell 22% in the past year, from £5.2m to £6.7m.

The group puts this down to better identity checking processes by banks.

Even so, losses of that magnitude still mean many, many cases of fraud.

In all, we can surmise that, although in most cases banking by phone is likely to be safe, certainly it doesn't seem to be the case that a large proportion of calls are subject to fraud, it is risky.

Call centre fraud: should we be worried?

How risky, we'll look at in this section.

Could you lose money?

First of all, let's address a really central concern here - could you lose money, permanently, as a result of this kind of fraud?

Potentially, the answer is yes. Consumers are liable for fraud if the bank can determine they were at fault so if, for example, someone gave out their PIN number over the phone the bank doesn't need to reimburse them.

Practically, however, the answer is no. Personal liability is hard to prove and banks understand that fraudsters work hard to gain trust so in most cases of fraud, they refund their customers.

We've looked at this issue in more detail in another guide: take a look over here.

More than money

More than money, however, the risk of fraud now is hassle and distress for victims and that, through access to bank details, criminals could get personal information that they'll be able to continue to exploit.

What makes call centres vulnerable?

72% of consumers think that call centres should do more to prevent card fraud, according to a Syntec poll.

As I said at the top, however, the feeling of giving away details by phone doesn't necessarily align with the real vulnerabilities of systems.

The human factor

Staff frauds, which according to CIFAS make up about half of all call centre fraud, grew 22% in 2012, compared with the previous year.

We're talking here, simply, about call centre workers tricking customers to steal their money.

In Other People's Money former conman Eliot Gould talks about how he got his start this way: he would take some credit card details put the person calling on hold and ask for more details 'for the credit card provider'.

By the time he was fired from that job, he walked out with a notebook full of stolen details that would enable him to spend thousands of stolen pounds.

Poor fraud prevention

While the fraud above is recognisable, however, it's worrying partly because it feels so much like banks' own fraud prevention techniques.

It's hard for us, as consumers, to tell the difference between someone doing their job, making sure we are who we say we are and someone asking for details with bad intentions.

Perhaps because of that, and perhaps partly because they're a pain, we tend to get annoyed at the very security procedures banks are trying to protect us with.

55% of respondents to Avaya's poll were annoyed when they had to repeat security information on the phone and 51% were less likely to use a phone service that required a lot of passwords and security details.

"Contradictory attitudes leave businesses stuck between a rock and a hard place," points out Simon Culmer, the managing director of Avaya.

"But... people are becoming increasingly security savvy. Firms need to build back confidence in traditional transaction methods."

What are banks doing?

So how are banks doing that?

Staff side: Within banks, a large part of mitigating fraud is employer monitoring, including identifying staff who might be at risk of committing a crime.

Staff fraud has risen after the economic downturn as more people struggle with their personal finances.

According to FraudTrack, in 66% of these frauds the motive is greed but in 11% of cases the staff member had a gambling problem and 10% were taking money to pay off debts.

To stop likely staff fraudsters, then, companies are increasing their vigilance from vetting procedures for new hires to looking out for early warning signs among employees.

Or, as we noted above, at least some companies are.

Consumer side: Banks have continued to increased security checks.

However, Which? research from May 2013 found that some banks' initial security procedures were easy to pass with information that could easily be obtained from a stolen bag.

Halifax and Santander got the lowest scores in the test, though both claimed that the researchers simply couldn't see the non-visible checks staff were performing.

Not phone banking: when 'banks' call you

Finally, it's worth noting that all of the above doesn't cover a growing area of UK fraud: people pretending to be from banks or large scale, out of control fake banking fraud.

In the first case, we can comfortably put the relatively newly widespread practice of 'vishing', where a fraudster gains information by posing as a fraud investigator, police officer or other authority figure.

In the latter category, we could put criminal gangs making money through loan fraud.

In early 2013, for example, over a thousand people a day were being contacted from a Delhi call centre bent on promising them non-existent loans.

100 people a day paid a £90 to £250 fee to 'activate' their loans.