Natwest train their customers to be bad at security.

Today I had a fraud call from Natwest, from a number that is not associated with the company anywhere. This is bizarrely dangerous behaviour by a bank, for the reasons below.

Some brief background. This weekend the Guardian carried a story about the victims of elaborate bank frauds. Often victims were called by people pretending to be their bank, who were in fact criminals. You should never give important information to random people who call you.



Thanks for the advice grandad.

You’re welcome. Now, last night I tried to buy something a bit expensive on the internet, and my payment was declined. That sort of thing happens. Fair enough. Natwest thought it might be fraud.



Then something odd happened.

The next day I started to get calls from an unrecognised number: 0800 200348. They left a message claiming to be Natwest. But how do I know that’s really my bank? When you google this number it’s not associated with Natwest anywhere.



It could be anyone calling me. It could be a fraudster.

So I tried to find out whether this really was Natwest calling me. I asked Twitter.

Nobody knew. Then I asked Natwest.

They replied. Kind of. They asked me to send them personal details over Twitter. But they wouldn’t tell me if 0800200348 is a genuine Natwest telephone number.

Then Natwest deleted their tweet.

Maybe they were embarrassed. Here is the tweet Natwest deleted.

I guess they deleted this because it was unhelpful, and I quoted it in my reply.

Finally they answered. 0800200348 really is a Natwest number, tho it’s not associated publicly with the bank anywhere on the internet.

Now, that’s all great. I called their number, I got my card turned back on. But here’s the thing.

Training your customers to ring random numbers that are not publicly associated with your bank anywhere, to trust these numbers as if they were from your bank, and give them information related to your banking… is really dangerous.

Natwest are literally training their customers to be bad at security.

Natwest are training their customers to be victims of fraud.

Now. When a Natwest customer fell victim to a fraud, where someone contacted him pretending to be Natwest, the bank left him high and dry. This was a young customer, maybe a little naive, and his entire student loan was wiped out by this fraud. Natwest only covered his loss when it became a media story.

I think anyone who is the victim of such a fraud, from Natwest, or any other bank that behaves similarly, could make a strong case that Natwest have brought it on themselves.

Banks who ask customers to trust strange telephone numbers are training their customers to be victims of fraud.

Follow up….

Within five minutes of tweeting this I was sent lots of examples of banks doing the same thing.