[microtonal]

One of my former banks handled this pretty well. They called you and would say something like “there is an issue, but since you should never trust a direct phone call pretending to be your bank, please look up our number on our website and call us”.

It’s kinda nice because while doing this, they also educate their customers to never trust such a call and to rely on official information to contact them.

[OkayPhysicist]

My credit union does the same but with "call the number on the back of your card". I suppose they have a lot of practice getting it right, given that their idea of a suspicious transaction is any transaction out of state.

[ectospheno]

PNC pulled that on me all the time. So I closed all my accounts and bank elsewhere. Gave fraud prevention as the sole reason for my exit on forms.

[i80and]

I ended up with a PNC account as a result of a series of bank acquisitions, and they're so badly run it's almost a dark comedy.

Branch staff are all perfectly lovely, but they're at the mercy of very funky systems above them.

[pixl97]

Banks are filled with stupid levels of bureaucracy internally, but PNC takes that up to 10. Their IT employees seem like dried husks of something that once was human.

[devilbunny]

> any transaction out of state

I am assuming card-present transactions? Because I order things from all over, not just locally.

I do appreciate the fraud protection but authorizing my ATM card for non-US withdrawals is overly specific and extremely annoying and time-consuming. Plans change? Expect to spend 15-20 minutes on the phone to say “yes, I will be in Portugal for one extra day”.

[freedomben]

My bank did the "out of state" suspicious thing for a while. It was particularly painful since I lived near a state border...

[khedoros1]

Mine did the opposite for a while. In the event of an issue, they'd call, tell you that they were putting you on hold for a teller, and the first thing the teller did was identify the bank and ask for personal information to verify the account.

I always made a point of telling them that they had called me, that I had no proof of who they were, and that I was going to call back from the published number.

[JoshTriplett]

That is a great demonstration of best practices. What bank was that?

[microtonal]

I was probably the Dutch ING or ABN-AMRO, we went through too many banks and between two countries :D.

The Dutch ING now has a new thing where you can verify in the banking app if it's them calling you:

https://www.ing.nl/de-ing/veilig-bankieren/wat-kan-je-zelf-d...

(I guess in some sense it's a step back because the bank is calling you again, but it's nice that you can verify it live in the app.)

[dexterdog]

It's also a great filter for the scammers. The people who are non-gullible or medium-gullible will follow. The truly gullible will say "What is the web address?" To which they respond "citibank-support.blogspot.com"