InvestSMART

Bank call centre staff assist account breaches

A SURVEY of Australian banks' call centres has found that half of their staff are prepared to help people access someone else's financial records.
By · 11 Jan 2011

In November, customer experience research firm Global Reviews phoned call centre operators at eight of Australia's leading banks, including each of the big four.

Without identifying themselves as researchers, the callers asked, in 20 calls to each bank, how they could get access to a friend's or partner's account.

In all cases the first answer was that it was against the rules. But when pressed, call centre staff became more co-operative.

"The callers would say things such as, 'My girlfriend needs to transfer money today, she's gone to work, I have to do it for her, she'll kill me when I come home tonight'," said managing partner Peter Grist.

"Half the time after saying no the call centre staff would work with the caller to find out ways to do it."

Usually the method involved using internet or telephone banking and details such as account numbers and dates of birth that would be known to estranged or current partners.

Staff at the ANZ bank were significantly less keen to advise on how to break the rules than staff at the other banks.

When results from the ANZ are excluded, the proportion of call centre staff prepared to advise strangers how to access customers' accounts climbs to two-thirds.

An extraordinary 15 per cent were prepared to go further. "They said if the caller was worried about how to go online and do it, they would stay on the phone and guide them through it. They don't illegally enter accounts themselves, but they do guide other people through how to do it," Mr Grist said.

"I was astounded that so many call centre operators would get so actively involved in helping someone break the rules. What didn't astound me was their desire to help. There's a massive drive for customer satisfaction. It is drilled into them," he said.

"They weren't trying to be fraudulent. They knew the rules. But human beings like to help. And not just in banks. I think it would be the same in any industry."

The release of the survey results follows the revelation this week that Vodafone is investigating a security breach in which customers' private details were accessed on websites. The firm faces possible compensation payments to up to 4 million customers.

Former privacy commissioner Malcolm Crompton, whose consultancy helped fund the survey, said what the banks and Vodafone had in common was their vulnerability to social engineering.

"Someone rings up and is incredibly nice and it is hard not to help. They get one bit of information from one call centre operator and use it to get more from another."

Each of the banks surveyed has been sent a copy of the results. Mr Grist said they were surprised.

HERE TO HELP

Proportion of call centre staff prepared to advise how to access other people's accounts

Bank of Queensland: 57%

St George: 55%

Commonwealth: 54%

National Australia Bank: 49%

Westpac: 42%

ANZ: 18%

SOURCE: BANKING PRIVACY BENCHMARK, GLOBAL REVIEWS


Frequently Asked Questions about this Article…

The November survey by customer experience firm Global Reviews found that about half of Australian bank call centre staff were prepared to help people access someone else's financial records. Callers phoned eight leading banks (20 calls to each) and, although the first response was usually that it was against the rules, many operators became cooperative when pressed.

The survey covered eight leading Australian banks, including each of the big four. Reported proportions of call centre staff prepared to advise on accessing other people's accounts were: Bank of Queensland 57%, St George 55%, Commonwealth 54%, National Australia Bank (NAB) 49%, Westpac 42% and ANZ 18%. ANZ staff were significantly less likely to advise how to break the rules.

Survey results showed staff often suggested using internet or telephone banking and relying on details like account numbers and dates of birth that partners or estranged partners might already know. About 15% of operators said they would even stay on the phone to guide a caller through the online process — they did not illegally access accounts themselves but would coach someone else.

According to the survey and its authors, operators generally knew the rules and were not trying to be fraudulent. Managing partner Peter Grist said staff were driven by customer service and a desire to help, which led some to become actively involved in finding ways for callers to access accounts.

Global Reviews conducted the phone survey in November. The release was supported by input from former privacy commissioner Malcolm Crompton, whose consultancy helped fund the research, and Global Reviews' managing partner Peter Grist is quoted throughout the report.

Former privacy commissioner Malcolm Crompton highlighted social engineering as a common vulnerability: attackers use friendliness and small pieces of information gained from one operator to extract more from another. In short, social engineering is the human manipulation of staff to reveal or piece together customer data.

Yes — each bank surveyed was sent a copy of the results. Peter Grist said the banks were surprised by the findings.

The survey's release followed news that Vodafone was investigating a security breach where customers' private details were accessed on websites; Vodafone faces possible compensation claims affecting up to 4 million customers. The article links both incidents as examples of vulnerability to social engineering and data exposure across industries, underscoring wider customer privacy and security risks.