
If you take that post at face value, it's not really going to do much. Sounds like the guy was on at them for a while.


It's not just this alone that's pushing me away from them, I don't like them much anyway.

Their security practices for online banking are pathetic in comparison to HSBC. HSBC gave me a one-time key dongle, which breeds more confidence than the various articles about Santander's lax security I've read.


HSBC are also (or at least were very recently) in the habit of calling customers and launching immediately into security questions without even identifying themselves first, which is wrong for all sorts of reasons.


I can confirm that First Direct (a subsidiary of HSBC) would also do this.

The caller would say "I'm calling from First Direct" and then get confused when I asked for proof of this.


I like the Barclaycard (I think) fraud thing.

You get called by a computer that asks you to identify yourself by picking a piece of personal information from a list. It might ask for the month and date of your birth, for example, and give you 5 options.

Because there are 365 possible month + date combinations, and yours appears in the list, you know they already have this information so you're safe to confirm it, and they also get to confirm that you are (likely) who they're intending to talk to.


Yeah, I was pleasantly surprised by this too! I had the birthday, an address, and something about one of my standing orders that I had to pick from. It was nice to not have to explain yourself to a real person either. You just had to confirm whether the transactions were real ones. I just have a normal Barclays account, too, nothing special.


That's easy to solve: if they get confused when you ask for proof, just ask them for a number you can call them back on and the reason they're calling. However, it's easy enough to type but harder to remember to do in practice.


Oh, I call them back on the number that I have in my address book. I just want them to never do it again. To anyone. It's a bad practice that serves only to condition users into giving out personal information to any random person calling up and pretending to be from a bank.


If enough users start making a fuss it could trigger action; it seems like a good idea to protect all of the users who don't know about this vulnerability.


And submit it to news outlets. I've emailed BBC News and suggest others do the same to other outlets.



