Menu
Reply
On our wavelength
  • 32
  • 1
  • 13
Registered: ‎25-01-2013
Message 1 of 9 (207 Views)

The point of this shared password please VM??

I recently received a phone call from someone claiming to be from Virgin Media and telling me that they believe that there is a better package for me. Always happy to get a better deal I was happy to chat. That is until she proceeded to ask me for my address and other personal details. "Hang on, you called me" was my response. "I'm happy to chat but before I proceed I need to confirm that you are actually from Virgin Media"

Conveniently with VM we have a shared password, a perfect way for me to validate who I am speaking with. But no, she was not willing to disclose the 2nd and 4th characters from my password. So I ended the call, as far as I was concerned this was a scammer as did VM until I gave them the phone number that she had called from which they confirmed was theirs.

So Virgin Media, what is the point in this shared password if your staff refuse to use it. It is actually a very sensible way to authenticate each other and not using it just builds up a habit of it being OK for people to pass out their sensitive information to anyone who calls them. Just look at the TalkTalk incidents reported where this was happening, and all you are doing is teaching your customers that this approach is OK. Shame on you, you should know better.

 

Knows their stuff
  • 1.12K
  • 121
  • 326
Registered: ‎23-09-2012
Message 2 of 9 (187 Views)

Re: The point of this shared password please VM??

Confirmation of phone number being theirs does not confirm they called; Caller ID could have been spoofed.

Unfortunately, as you found, the only way to handle unexpected calls like these is to ring them back making sure:

  • previous call terminated and their not hanging on playing back a recording of the dial tone
  • to use their published telephone number

 

Reply
0 Kudos
Fibre optic
  • 267
  • 25
  • 57
Registered: ‎15-12-2015
Message 3 of 9 (156 Views)

Re: The point of this shared password please VM??

It's not a shared password, it's a verification password for data protection. You wouldn't want that given out to anyone who picks up the phone or even a wrong number. Staff are not allowed to repeat the password over the phone. There are consequences for breaches of data protection, so you can see why they would want to confirm that you are the account holder and complete security checks before making any changes to your account.

***********************************

These are just my opinions. Feel free to completely ignore my advice. The above message may contain sarcasm (if you can't find it, you're not looking hard enough)
Rising star
  • 740
  • 34
  • 262
Registered: ‎21-11-2012
Message 4 of 9 (150 Views)

Re: The point of this shared password please VM??

And by the same token nobody should be expected to give out any information regarding a password to a cold caller no matter who they claim to be.

Superuser
  • 1.32K
  • 99
  • 304
Registered: ‎18-05-2010
Message 5 of 9 (130 Views)

Re: The point of this shared password please VM??

I have said on several occasions that users should have a password/passphrase that is used by VM when calling, why can't we ask for two letters from our memorable word then once given by VM we're asked for a third, or have two words one for VM calling us while the other (as we have now) when we call them, that would put people's minds at rest that it is VM who is calling rather than a scammer.


Virginia/Doctor9fan. If I have helped please give me Kudos.
Reply
0 Kudos
Knows their stuff
  • 1.12K
  • 121
  • 326
Registered: ‎23-09-2012
Message 6 of 9 (115 Views)

Re: The point of this shared password please VM??

[ Edited ]

IMHO, customers would gain little from the type of authentication mechanism being discussed and would unnecessary expose themselves to a greater risk of being successfully scammed if Virgin Media or its call centres were compromised and customer data leaked / stolen; it is much harder to social engineer a scam if there is no way to authenticate who you are to the victim.

Reply
0 Kudos
Fibre optic
  • 267
  • 25
  • 57
Registered: ‎15-12-2015
Message 7 of 9 (100 Views)

Re: The point of this shared password please VM??

I would also like to add that if you are called by anyone who claims to be from virgin and are unsure about their identity, then you can call 150 and they can confirm if there has been anyone accessing your account.

***********************************

These are just my opinions. Feel free to completely ignore my advice. The above message may contain sarcasm (if you can't find it, you're not looking hard enough)
Superuser
  • 12.48K
  • 627
  • 4.09K
Registered: ‎01-11-2009
Message 8 of 9 (83 Views)

Re: The point of this shared password please VM??

I work in a similar area where we have t ask for DOB to confirm we are speaking with the right person.  If people do not pass that check we cannot continue.  In my situation we are technically not cold calling as the people we talk to should be informed of our service prior to us going live and have been given a number should they wish to opt out.

I can't say much more, except to say that we are not sales calling, we are actually providing a valuable reminder service to individuals.  However, I accept that the issue of someone asking for your password DOB or any other security question is always going to be contentious.  In my situation, I can't prove who I am until I deliver my message, but before I do that I have to be sure I'm speaking to the right person.

I have had people say to me "Well you tell me what you've got and I'll tell you if it's right."  However, I'm sure most people will see the problem here.

If I tell you what's on my screen I'm potentially giving out their private information to someone else.

Quite frankly I'd drop all scam callers into a deep pit along with all spammers, and fill it with concrete, as out job would be a whole lot simpler without people having to worry about scum like that.

Tim

________________________________________


Only use Helpful answer if your problems been solved.

Reply
0 Kudos
On our wavelength
  • 32
  • 1
  • 13
Registered: ‎25-01-2013
Message 9 of 9 (77 Views)

Re: The point of this shared password please VM??

There is also the point here that changing a password is very easy changing your date of birth or address, less so.

Reply
0 Kudos