by userabchn 844 days ago
A bank called me to ask me security questions. I said that I would call back using the number on the bank's website. They said (and the bank confirmed when I did call the number) that there is no way to be transferred to the security question people when I call the bank - the only way is for them to call me. I explained that that was poor security practice. They said that I should just look at the caller ID to see that it was the bank calling. It was useless trying to tell them about caller ID spoofing.

It’s a real mystery why, as soon as I heard about a bank founded by people who sounded like they had heard about the internet (Monzo, in the UK), I switched away from my venerable bank (NatWest) that, at the time, still had security practices unsuited for the 18th century.

Appropriately enough, the last thing they did was to insist —demand, really— that, in 2018, I fax them my demand. It just so happens that this could have been relatively safe because, after asking everyone I knew for a week (including some venerable hackers), the only way that I found to send a fax was to ask the local branch of the same bank.

Asking them to authorize the transfer wasn’t possible (by showing them all relevant documentation). Asking them to let me send a fax, using their machine, to a sister branch to tell them to authorize a transfer without anyone verifying my ID, was fine.

One of my favourite things about Monzo is they have a little thing in the app that tells you if they are currently on the phone with you to verify against anyone claiming to be them.

And then if your identifiers somehow get in the hands of bad actors and the bank gets fooled by them to open a bank account in your name, you are the one on the hook. It's utter insanity!