
Much simpler is to establish a "shared secret" when you open the account.

"This is XYZZY bank calling about your account, your pre-established secret word is 'plugh.'"

Then you know with some certainty that the caller is legit. Assuming you remember what your secret word is.

Still better if you initiate the call though.

My credit union does this in the other direction (I have a pre-established secret word that they ask for in order to prove I'm myself; I think there's even another one I'm supposed to use if I'm under duress, but I can't recall).

Yeah, that's exactly the same as the scenario outlined in the OP. How do you know that whoever called you is in fact your credit union?

Possibly overthinking but... Bank calls my phone, someone other than me answers, bank says "plugh", that someone else can then at a later date call me and I will believe they are my bank.
