Recently, I received a call from my bank. The person at the other end asked for the details of my bank account to finalise a transaction.
After the call, I realised that I was never presented an opportunity to verify the identity of the caller. I took him at his word.
Fortunately, I was aware of that transaction that he had called about, so I trusted that he was indeed my bank's representative and did not worry very much about the information I had given him.
But I may not be as fortunate the next time around. A sophisticated scammer could take advantage of my implicit trust to pose the same question to me, and I would be none the wiser about his real identity.
I think there is double standards when it comes to identity verification over the phone.
When customers call a bank, they are required to go through an identity verification process. This could be by answering a few questions about their banking activity or receiving a one-time password (OTP) on their phone.
However, customers do not have a similar mechanism to verify the identity of calls from banks.
They can only trust the caller implicitly. Unfortunately, this conditions customers to trust the identities of similar callers, and opens them up to phishing attacks from scammers.
I urge the Monetary Authority of Singapore (MAS) to empower customers to protect themselves by being able to verify the identity of calls from banks or other financial institutions.
This will prevent customers from divulging their financial information accidentally to malicious third parties.
Balasingam-Chow Yu Hui