Barclays shamed on fraud loophole
BARCLAYS is failing to protect crucial information that can aid fraudsters in scams.
The bank requires its telephone banking customers to provide only their card number, date of birth and mother’s maiden name to access their balance and latest transactions.
This information is often easily found online, with credit card and debit card numbers frequently traded on the so-called dark web.
Most other major UK banks ask for a password and account number, or cross-check that the phone number on which someone is calling matches that registered to the account.
Experts warn that, although criminals cannot move money out of your account with these three basic pieces of information, knowing someone’s transactions and balance can aid sophisticated impersonation scams.
Fraud victims often tell Money Mail they were lured into a false sense of security after a caller posing as their bank knew their balance and latest transactions.
Chris Underhill, of Equiniti Cyber Security, says he is surprised Barclays asks for so little information. He adds: ‘As a minimum, banks should ask for a password or code, or use biometrics such as voice recognition.’
A Barclays spokesman says: ‘Our ID and verification process has a number of different security levels and includes a combination of measures. We are constantly reviewing and improving our processes to ensure our customers remain protected.’