A number of banking customers have become concerned about the apparently random methods used by some banks to contact them, with unsolicited calls singled out as a source of confusion in these days of phishing, where criminals, typically posing as banks attempt to trick users into divulging details such as passwords and log-ins.

Banks appear to be increasingly contacting customers by SMS or by automated phone call, often asking them to dial back on a given number where they are asked for varying levels of personal information. Similarly, cold calls are made to customers where they are again asked to prove they are the name customer on the account – with no similar level of authentication coming the other way.

The institutions involved have included banks such as Egg and LloydsTSB. One silicon.com reader contacted us with the following example.

“Someone phoned me claiming to be from the Co-Op Bank and immediately asked for answers to security questions. I complained to the Co-Op Bank, pointing out the phishing risk and the need to educate customers not to reveal their security information to cold callers, but the Co-op Bank could see nothing wrong with their phone call.”

Richard Allan, Lib Dem MP for Sheffield Hallam and member of the All Party Internet Group, agrees that more needs to be done and supports silicon.com’s calls for greater authentication.

“We need to keep ahead of the fraudsters and this issue of calls appearing requesting personal identification details is a potentially serious security hole the fraudsters are likely to exploit. Banks should act now before we see a wave of phishing calls that lead to customers rejecting all calls from their bank.”

Allan agrees that requiring banks to use ‘verbal signatures’, such as those used by customers, would ensure two-way authentication. It is no ‘silver bullet’ to combat fraud, but it is certainly an improvement on the current system.

More here.