There’s Such A Thing As Too Social
I use to work in fraud protection for a credit card company. We often had to make calls out to customers who had unusual purchases on their cards that we wanted to verify, which usually resulted in leaving a message on an answering machine. This was back in the days before voicemail.
I’d been experimenting with ways to increase the rate at which I handled calls. The biggest timekiller was waiting for the phone to ring and leaving messages, so I started writing all my notes while the phone was ringing. As soon as the answering machine picked up, while I was giving a message so routine that I didn’t need to think about it, I’d finish closing the current account and start the pre-call steps on my next account.
This, and a few other tricks I came up with, gave me a noticeably higher rate of handling accounts, enough that I was eventually asked to train others in the things I did to boost my call rate.
Unfortunately, eventually, I had someone pick up while I was leaving a message on their answering machine. This was a problem because I’d already exited out of their account and our system didn’t have a way to look up previously worked accounts.
Me: “Hello, I am calling from [Credit Card] fraud department. We’ve seen some unusual activity on your card and just wanted to verify that it was done by you. Unfortunately, I’m afraid I exited out of your account when you didn’t pick up. Please give me a minute to see if I can look it up again.”
I tried looking it up with the phone number I had just called, only to remember that I had ended up looking up and calling an alternative number to the one on the account, per our usual policy when we suspect someone took over a card and put a fake number on it. I quickly ran through a few other options in my head, but I couldn’t come up with a good way to find the account.
Me: “I’m terribly sorry, but it looks like, now that I’ve exited your account, I have no way to look it back up without an account number or social, but—”
I intended to tell him that he could call the number on the back of his card and he would be immediately directed to someone he could trust to give that information to, but he cut me off.
Man: “Oh, that’s fine. My social’s [number].”
I was shocked that he had just given that information to a random guy calling him, but I still used it to bring up his account. Since this was an alternate number that wasn’t trusted, I was still forced to ask further security questions, which he happily answered, before we could get to the suspected fraud.
In the end, it turned out that someone had taken over his account, put an address and phone number they controlled on the card, and had a new card sent to the new address. It’s nearly impossible to do that if the person in question doesn’t already have a significant amount of information about the person they’re trying to take over — most importantly, their Social Security number.
Gee, I wonder how an untrustworthy individual got hold of the Social Security number of a guy who will freely read it off to any stranger that calls him?
You will be happy to know that, after this foolish mistake, I changed my process to make sure I kept the account number of the person I had just called on one of my applications while moving forward with screening the next account in another window, so I could still find the old account if I got a late pick-up again.