Poor call-centre security poses ID theft risk

Poor security checks in UK call centres are leaving banking customers exposed to the risk of identity fraud, according to a new study.

Call centres operated by the UK's top 20 financial services companies were investigated to find out how robust identity checks on customers calling up were.

At three of the financial institutions investigated no security password was required to conduct a credit card balance transfer of £500.

A password was found to be the most widely used security check when customers get through to a call centre but agents at nine of the institutions were persuaded to accept less secure methods of verifying the identity of callers claiming to have forgotten their password.

This included requesting alternative data such as landline phone number for the account holder, mother's maiden name or recent direct debit details.

More worryingly still, at three of the financial institutions investigated no security password was required to conduct a credit card balance transfer of £500.

David Noone, director at Intervoice, which commissioned the study, called the findings "shocking".

He said in a statement: "The problem is that call centre staff are trained to be helpful and in their efforts to avoid customer frustrations will readily offer up alternative security checks. This is often with questions relating to personal data on the account holder that could be second-sourced in the most extreme cases through stolen bags or in the simplest form through internet research."

The investigation was carried out by researchers holding current accounts and credit cards with each of the financial institutions in the study. The call centres were contacted to determine whether they would be allowed to perform a transaction if they were unable to provide their security password.