In which I have a whinge about my banks

I have a mortgage. Very grown-up, huh? Yeah. My mortgage is currently with NAB, or more specifically, with Homeside, the NAB's mortgage division. We switched to them a while ago when it became clear that Macquarie Bank were taking the piss with constant rate rises, and were a pack of suit-wearing moray eels with Louis Vuitton briefcases and expensive coke habits.

Anyway, I recently changed jobs. During the lead-up to the change-over some furious budget calculation went on, and it became clear that we were going to be a bit strapped for cash during the transition from job A (salary) to job B (contract rate fully in arrears). Not wanting to beg on street corners to pay for my overpriced food court sammiches for two weeks, I hit upon a bright idea.

I'll call the bank and ask if we can skip a mortgage payment! I'm a fucking genius!

"What's the worst that could happen? A refusal?" thought I, as I blithely called the number.

So I spoke to a moderately helpful guy at Homeside's call centre, wherever that happens to be, who said that he could organise something. He got a little confused, said he couldn't, then said that no, actually, he could, that's fine, next payment is now in November and there's a note on the account.

W00t.

Except in November, NAB called us and said we were a month behind.

We skipped a payment, we said

No you didn't, they said, we'd know.

We arranged it with you, dickheads, we replied

Don't care, said they. Give us money

OK, we responded, we'll give you some extra with next month's payment, then some extra the one after that, and we'll be level

Can't you give us $1000 extra a week instead, starting now? replied NAB

HO HO HO, said we. See how the corners of our mouths turn upwards and our bellies wobble as we LOL at your suggestion. NO

We'd really much rather $1000 a week, replied NAB, not quite getting the point

Sure. We'll send it over on the ROFLcopter. Monopoly money OK, is it? We chortled. You'll get the full amount over the next two payments.

OK, then we're going to put a note on your file calling you paupers, scumbags, wowsers and poopyheads. Then we're going to write nasty graffiti about you in the staff toilets. Then we're going to egg your house. With eggs.

NAB was clearly not getting it at all.

This situation is their fault - or more properly, it seems, the fault of an operator promising something he couldn't deliver - but they're going to blame us and call us defaulters? When we have a letter from you confirming the agreement?

Fuck you, NAB.

Oh, and get your phone system sorted out. I don't want to have to key my 9-digit account number in only to be immediately asked to provide it again when a human eventually answers the phone.

Oh, but the social media monitoring team are quick to respond and helpful of tone, even if the only thing they can really offer is more phone calls.

And while I'm on the topic. Bankwest. I have a Mastercard with you. When you want to contact me to talk about this account, you always call me from an unidentified number - no caller ID - and immediately ask for my date of birth.

Stop doing this.

What you're doing here is training your customers to give out personally identifying information (PII) over an unauthenticated channel - effectively enabling a very simple phishing scam via phone. Here's how the little scam works:

  • Bad guy does a mailbox run of the local area, to find the names of potential targets
  • Bad guy hunts down phone number(s) of said targets, using name and address as gathered from mailbox run A.
  • Bad guy calls number, claims to be from Bankwest, asks for date of birth and mother's maiden name.

Bingo, bad guy has just effectively stolen target's identity, and can use said information to gather more information still. Bad guy then ROFLs all the way to the bank, where he takes out all your money and fucks off to Bali.

Bankwest: STOP DOING THIS. Bankwest customers: REFUSE TO GIVE THEM YOUR INFO WHEN THEY ASK

For a bank, you're very bad at information security.

posted @ Thursday, November 10, 2011 10:32 AM

 
 
 

Comments on this entry:

# re: In which I have a whinge about my banks

Left by Andy at 11/10/2011 2:42 PM
Sounds like they get their staff from Centrelink. We used to deal with Centrelink when the kids were little and it seemed that no matter what arrangements we made or what problems we solved over the phone ("I've put a note on your file"), it was never actually done and would just result in yet another letter informing us of the very same situation we thought we'd fixed. And it's never their fault.

# re: In which I have a whinge about my banks

Left by anonymousType at 11/10/2011 2:46 PM
Absolute comedy gold jasbro. Did it really happen? Who cares funny as. Great way of explaining phishing scams in plain English. I've always thought your skills were wasted.

# re: In which I have a whinge about my banks

Left by Jason at 11/10/2011 3:53 PM
yes @anonymousType (Toby - namefagged) it happened. It always happens.

The world is populated by arseclowns, pillocks, spanners, hipsters and dickheeeds - in roughly equal proportions - and only a few of us technically-minded people ("nerds", "geeks") exist to keep their excesses in check

# re: In which I have a whinge about my banks

Left by MikeF at 11/10/2011 5:19 PM
I, too, am with BankWest. They get real narky when they call me with "Hi, this is ... from BankWest". To which I reply, "How do I know that you really are from BankWest?", and I ask them to tell me something about me that only they would know, like my account number. Which, of course, they refuse to give for "privacy reasons".

Or the other arseclowns at Child Support, who will do the same, and then ask me to confirm my phone number - the very one they've just rang me on!

# re: In which I have a whinge about my banks

Left by jamezpolley at 1/5/2012 9:58 PM
I'm with ING Direct. Every time they've called me, they simply tell me that they're from ING Direct, that I should look at the phone number printed on the back of the card and call it, and give me a reference number.

# re: In which I have a whinge about my banks

Left by Alex George at 4/13/2012 6:00 AM
Last time I got called I said I wasn't comfortable with giving details to a random person.

Straight away they gave me their staff number, I call back, quote the staff number and bam like magic that person is on the line.

"Bad guy does a mailbox run of the local area, to find the names of potential targets
Bad guy hunts down phone number(s) of said targets, using name and address as gathered from mailbox run A. "

GO GET A PO BOX, ALTHOUGH TO BE FRANK, I'M NOT SURE HOW YOU'D BECOME A FRAUD TARGET, IT'S PRETTY HARD TO STEAL LOANS IN ARREARS LOL.

AND LOL MENTIONS OF CHILD SUPPORT AND CENTRELINK, PRETTY SURE NONE OF YOU ARE GOING TO LOSE THAT -$4.26 IN YOUR ACCOUNT....

# re: In which I have a whinge about my banks

Left by jason at 4/16/2012 2:19 PM
Alex, generalising from the specific is a fallacious tactic that marks you out as a low-grade thinker as clearly as your use of capitalisation.

That loans in arrears cannot be stolen is an absurd riposte to the point of the article, which is that a bank is using an inherently insecure means of contact, and insists on using it to the detriment of their customers. As far as you know, my credit card could be temporarily in arrears because, I don't know, I just bought a sports car with it, and next week it'll have an available balance of $25,000 - which would give an identity thief a nice return on a few hours' work tops.

If you want to comment, think first, there's a good chap.

# re: In which I have a whinge about my banks

Left by Alex George at 5/4/2012 5:29 AM
"fallacious tactic that marks you out as a low-grade thinker"

Having neither a missing claim nor non‐sequitur apparent, it would appear you've had an impulse delay glitch. Careful reading always helps conquer this, just slow down and focus, it'll come to you I'm sure.

Anyhow, you seem to have missed the most vital element in your bluster:

1. Simply call the bank back if you are ever in doubt as to the authenticity of the call.
2. Derive an identifying detail staff number, full name should they be forthcoming with it.
3. Call back and you will find it happens as easily as I describe.

Electronic fraud (credit card and the like) are merely the evolution of burglaries and car thefts and other petty crime. Regardless of what steps they may implement there are always ways to defeat any measure http://www.rsa.com/node.aspx?id=3872.

TLDR: Take 10 secs to ask their name, spend 25cents and call back, particularly if it worries you.

Lastly: "$25,000 - which would give an identity thief a nice return on a few hours work tops" great idea, but sadly a venture deep into misleading vividness. It simply isn't possible.

Comments have been closed on this topic.