Good-bye NatWest, thanks for the lousy security

For many years I've banked with NatWest, since I was in my teens in-fact, and during that time I've had various different "products" with them - including business accounts.

Now, with the recent trend in issues with their security as well as a rather disappointing incident today with their fraud team, I've decided it's time to move on.  But I figured it was worth highlighting WHY I feel the need to move on from this rather old institution ... just to make the point about their lax security.

These days, everyone needs to be super vigilent to ensure their money is safe - and its not enough to trust your bank to do the job on your behalf. We are constantly told to never share your internet banking credentials, to check all cashpoints when using them with your card and even more so to never give any potentially sensitive information to anyone over the phone in fear of it being used to socially engineer. Which is why today my sense were pricked ...

Last night, around 6pm, I placed an order on Zeek - something I do pretty regularly in the everlasting bargain hunt that is life. And, as typical with NatWest and Zeek (and me ??), they blocked it ... I shrugged, and put it through with Paypal and didn't think anything more about it.

This morning, at 9:33 I received a text - purporting to be from NatWest. There's no number associated with the sent message, just a name. And in the message it gives two numbers.

Hmm - I searched the NatWest website, and didn't find this number anywhere.  In fact, on their contact us page, there is a completely different number down for this situation. 

You may receive a call or voicemail from us about your bank account or debit card, to help protect you against fraud, you can call us back on: 

UK: 0800 011 3312

What the hell, I thought, I'll give it a call. It was answered by a an AVR requesting my card number ... after duely punching it in (I personally don't figure a card number as that personal information), I was greeted by a chap who immediately challenged by to go through security. I politely declined, indicating I had no idea what this was about and suggested he called me back on my registered number on the account - he said, 'what, the one you have called on'. Interested. I called in on a withheld work number, which isn't linked to my account. Another red flag. I said no, the mobile number on the account. He agreed, and we hung up.

No call arrived.

So I messaged NatWest through the app...

Yes, you are reading that right. They hide this number intentionally. And this forms part of their security. WTF.

I challenged this, and was basically told that they felt there was nothing wrong, nor potentially dangerous, with the way they handle contact with people about potential fraud on their account - completely missing the point we are always told to NOT call unpublished numbers for our bank, nor the fact that the bank usually automates this process via text message anyway.

If the bank is willing to lead people into potentially malicious and scammy situations by using this sort of method, I want absolutely nothing to do with them - and as such, will be voting with my feet. I'd suggest anyone who is remotely concerned with their money's safety to follow too. As an aside, Barclays really do all this security lark better ...

Comments are closed