More retail banking security theatre

Posted on By Mark Wilson
This content is 11 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Yesterday, I bought a new suit. Nothing remarkable there but I paid on my Lloyds TSB Duo Avios credit card. A card that I will shortly be cutting into little pieces because it’s useless to me if the bank declines transactions on an apparently random basis…

You see, I also wanted an extra pair of trousers and they were out of stock. The very helpful guy at John Lewis went through the online order process, I supplied my credit card details and all was good. Then we went to the till and paid for the suit jacket and first pair of trousers.

The £250 transaction for the suit went through OK but a short while later I was called by John Lewis to say that the £80 order for the trousers placed a few minutes earlier had been declined.  That seemed strange – especially as it was placed before the larger transaction (I’d expect the large one to be declined if there was some sort of anti-fraud flag triggered by a small purchase and then a large one) so we tried again. No joy. Declined by the bank. So I supplied some different card details and all was OK.

I was annoyed. I use multiple credit cards for good reasons but at least I had been able to use a different card even if that does mean that my personal and business transactions are mixed up. Fast forward to this morning and I was incensed.

Sunday morning, 10am: enjoying a rare lie-in whilst the kids are away; the phone rings – it might be my in-laws and it might be important, so I answer.

“This is an automated anti-fraud call from Lloyds TSB…” (or similar). I’m angry now, but I comply with the whole process as I think I might be charged twice for my trousers.  This process involved:

  • Confirming that I was (imagine robotic voice) “Mr Mark Wilson”. 1. Yes, that’s me.
  • Confirming my year of birth. Not exactly a secret, especially not to anyone who might answer my home phone.
  • Confirming my day and month of birth. Again, public information, and known to all in my household.
  • Listening to some details of some possibly fraudulent transactions: two declined for £80 and one approved for £250; both flagged as Internet purchases at John Lewis, a “grocery or supermarket” retailer. Not much help there as John Lewis is a department store (Waitrose is their supermarket brand) and clearly store transactions are incorrectly flagged as Internet purchases – which means the information is unreliable at best and confusing if it had been a different retailer with whom I was less familiar.
  • Confirming I had made those transactions. Tempting to say no but that would be fraudulent. I said 1 for yes, anyone in the house who answered my phone could have answered anything…
  • Supplying my mobile phone number for future anti-fraud calls (I probably didn’t supply it in the first place because I was concerned they would use it for marketing…). Well, at least my mobile is more immediate, and more secure than the home phone (only I use it).

Pure security theatre.

I can understand the banks wanting to reduce fraud – it costs them millions. But my account has a significantly larger credit limit than transactions I attempted in John Lewis yesterday and they could go a lot higher before declining transactions and inconveniencing me as a customer. I can see some patterns that might have flagged the anti-fraud systems but not the sense in declining the first and third transactions yet accepting the second (larger) one. It’s possible that John Lewis stored my card details and applied them after a short delay but, even so, I’d think it’s pretty common for people to make in-store transactions and place orders through the retailer’s online channel at or around the same time (in scenarios like the one I described).

I’ll make the most of the interest-free period until my next bill, pay in full (as always) and then I’ll be closing my account with Lloyds TSB. “Security” that stops me using my cards when I want to, and disturbs my privacy at home (with an automated call using publicly-available information!) is “security” I can do without…

7 thoughts on “More retail banking security theatre

  1. Had a similar experience with Barclaycard. Declined a $1 transaction with Amazon Web Services, then rang me a day later to ask me for similar info, I was about to refuse as I was at the station and generally don’t like giving these sorts of details on unsolicited incoming calls, but then realised I’d be without the card which would leave me in some trouble.

    The biggest problem is that the banks insist on you proving you are who you say you are when they call, but how do we ensure that people calling you are who they say they are?

  2. When John Lewis phoned me, I got them to give me some details about the transaction so I could tell it was genuine (i.e. what it was for) – a bit harder to verify bank personnel/automated calls are genuine though. What really annoys me is that their “security” questions are based on commonly-available information – basically, ringing my house and asking whoever answers the phone to confirm my date of birth!

  3. Mark, I suggest you get a cashback credit card, so at least they can pay you for using the card, as you pay the bill off in full every month.

  4. Yeah… often looked into that, originally had this card to keep the Airmiles account alive (after it cost me £30 extra to re-awaken a dormant Airmiles account and make a booking!) but not such a big deal since most of my Airmiles (Avios) are now spent…

    Only problem with cashback credit cards is that many apply an annual fee… I do pretty well for Nectar points though (which I then spend in Argos) on another credit card (American Express though, so not universally accepted, which is another reason I have multiple cards).

  5. I remember having a tesco credit card and there security questions were similarly awful. I wonder if you can give a false date of birth to them to make it more secure?

    You say about using a mobile phone number to make it more secure but can’t they be easily listened in on because all the transmission is wireless? First Direct state never to use any wireless phone when phone banking for this reason

  6. First Direct used to say that about mobiles in the early days before digital mobile phones. Analogue landlines are less secure – have you ever heard someone else’s conversation when you’ve picked up an extension? My point was that, generally, only I answer my mobile phone, whereas there are several people (admittedly trustworthy people – until my kids become teenagers at least) who could answer the home phone.

  7. This has happened to me on more occasions then I care to think about. Only it’s been with my Lloyds debit card. As with you I appreciate the attempt at trying to stop fraud (as i’ve been a victim in the past) but the process as you’ve mentioned seems rather pointless

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.