Tuesday, January 24, 2017

Citi's Weird Security Processes

I got a call a phone call this morning, the Caller ID said "Unavailable". I answered and it said it was from Citibank fraud prevention and about my MasterCard and the automated voice said my full name from the account. It seemed real and shortly thereafter a woman came on and tried to verifiy I was who I said. I answered a couple of questions and then they wanted to send a text message and asked for a cell phone number. I said you called me and I'm not sure you are who you say you are. She said she understood and encouraged me to call the number on the back of the card which is the right thing.

So I hung up and did that. I called the customer service number and the automated system seemed to forward me directly to the fraud department. I got a guy this time. He wanted to verify I was who I said I was. He asked me for a cell phone number to send a text message. I gave it and said but that doesn't help since you're just sending the message to the number I told you to. He said that was a good point but they check the number in a database to verify it or something. Anyway somehow they never sent the text and that didn't help. I suspect this account never had my cell phone number but am not sure. He asked if I had other accounts with Citi, I said no, just an AmEx linked to the same account they sent me some time ago. He took the last five digits of that and said yes, since it was linked to the same account it didn't help. He asked if I had any car loans. I said no and this is ridiculous, he indistinguishable from a phisher. I said you called me, the agent told me to call back and said she'd write something in the account indicating this. I did and am calling from the landline linked to the account and you're asking me about the rest of my financial history when you should know that I don't have other Citi accounts.

He checked and said there was nothing he could do and that Citi Security Dept would call me in the next 24-48 hours and theres a hold on my account. I said that was fine, that I hadn't used the card in six months and that any recent charges on it are probably fraudulent. He said he'd make a note of it.

I suspect someone made some charges on the card and Citi noticed it hadn't been used in a while and that triggered an alert, that's great. I suppose that someone might have tried opening other accounts in my name and maybe he was seeing those on his screen (though he kept saying without passing security checks he couldn't see account details) but those accounts would have been recently created and therefore shouldn't be required to verify identity.

I get that Citi is trying to accurately verify I am who I say I am, but their processes have to make more sense. If I can't trust them when they call me (because I get about 4 spam calls a day) and they can't trust me when I call them (particularly right after they called me), then it can't ever work.

No comments: