I dropped out a couple of emails last week. Nothing spectacular, just general enquiries – one to my local council, one to my building society. Maybe it’s me, but in these days of blackberries, ‘always-on’ messaging and twitters going off left, right, and centre I’d be disappointed if I didn’t receive a response within a day or so.
From the council I received this auto reply:
"Thank you for your e-mail you sent to XXXXXX Borough Council Customer Services. This is to confirm that we have received your e--mail. If we cannot deal with your enquiry ourselves then we shall forward it on to the relevant department/officer who will endeavour to reply within 7 working days. We will notify you who the email has been referred to."
Seven working days? To forward and reply to an email? (It’s been six working days and I’ve heard nothing yet.)
I never heard back from the building society – not even an autoreply, and I’d forgotten all about it. Until today that is, when I received a letter from them which started:
"Dear Mr Larcombe Thank you for your email on the 30th June. I can confirm...."
Yup. They’d replied to an email by letter! I guess it’s all done in the name of security (A Good Thing), it just seems very quaint.
Security!
I, for one, sleep better knowing just how vigilant BAA security is working to protect the public.
So what if security can be breached by just opening a set of double doors? At least we’re safe from T-shirts depicting armed 40-foot tall robots.
Banks (still) don't get it... 3
So fixated are the media by the technical side of security (chip-and-pin, secure websites, CDs in the post), it’s easy to forget that most fraud is carried out using social engineering techniques. Both parties need to be able to trust that are talking to who they think they are. With that in mind someone called me on the telephone last night purporting to be from my bank:
- ‘Bank:’ Hello this is yyyy from xxxx bank. Before we continue this conversation I need to confirm that I’m speaking to Mr Larcombe. To confirm this, please could you tell me the first and third numbers of your security code.
- Me: I’m sorry, I can’t do that until you can confirm that you’re from xxxx bank.
- Bank:’ Sorry?
- Me: You want me to tell you some of my security details – how do I know you’re calling from xxxx bank and not a fraudster
- Bank:’ (Getting increasing perplexed) Well my name is yyyy and I’m from team 302 in building 1234 and the xxxx bank will only ever ask for two digits of your security code, so could I have the the first and third numbers of your security code please?
- Me: Not until you prove you’re from the bank. Whatever this call is concerning, could you send me a message about it using the banks’ on-line messaging facility?
- Bank: Errr, no I can’t do that as I’m not calling from Customer Services.
- Me: Ok, thanks for your call. Goodbye. Bzzzzzzzzt.
Chances are the caller was genuine, but they just couldn’t understand that if they initiate a conversation the onus is on them to prove that they are genuine caller before asking me for sensitive information. No doubt though if this was an elaborate attempt at fraud I’d have been financially liable…