Insecure About The Security Process, Part 2

I work for a building society. They are notorious for having a high turnover when it comes to employees, but nevertheless, I stay as long as possible because I have just finished university and am trying to crawl my way out of my student overdraft.

We have something called “partial authentication.” If you enter a code, it means you only have to go through a bit of security instead of the full lot. It also means you can politely address the account holder by name, which I do because I’m that sort of British. It’s also my final day.

Me: “Good afternoon, [Caller]. You’re through to [Bank]; how can I help today?”

Customer: “I would like to go through a few transactions on my account and check the balance.”

Me: “Okay, then. Can you please just confirm for me [random security information]?”

Customer: “Why should I give you that?”

Me: “It’s just a bit of security so I can take a look at your account.”

Customer: “But you addressed me by name, so I’ve done security!”

Me: “Ah, sir, you have partial security enabled, so when you enter your code when the phone asks for it, it means I only need to do reduced security instead of full.”

Customer: “I shouldn’t have to do that. I want to look at my account.”

Me: “I cannot give you your balance without first confirming security with you. To do so would be a breach of security policy.”

Customer: “I’m not doing that.”

Me: “Okay, sir, is there anything else I can help you with?”

We can give out product advice and such or transfer to sales without much security, so we ask this just in case.

Customer: “Yes, you haven’t helped me. I want my balance and to check my direct debits have gone out.”

Me: “Yes; however, you have chosen to not complete security, and therefore, I cannot complete that request.”

Customer: “But you addressed me by name.”

This carries on ad nauseam. I explain partial security. He states that I addressed him by name so he should not have to do security. I explain that I cannot do anything with the account until he does. This goes on for thirty minutes.

Me: “Sir, if you will not proceed with security, then I cannot take this call any further.”

Customer: “That’s it. I want to talk to a supervisor.”

Me: “Sir, they will only reiterate what I have stated many times.”

Customer: “Supervisor. NOW!”

I grab my supervisor and explain the situation.

Supervisor: “I’m only going to tell him the same thing you said.”

Me: “Would you believe I’ve told him that?”

Supervisor: *To the customer* “Hello, I’m [Supervisor]. I hear you’ve asked to speak to a supervisor.”

She listens.

Supervisor: “Sir, if you are unwilling to do security, then I will have to end this call. We cannot proceed any further if you refuse to do so.”

She ended the call.

Related:
Insecure About The Security Process