I missed a credit card payment to Capital One this month. Sheer incompetence on my part, of course – simply a matter of missing the date. Not, you would think, the end of the world.
I became aware of my forgetfulness when Capital One’s callcentre staff phoned me on Friday morning. The conversation went as usual with these companies: “Can I speak to Mr Ben Pl…Pleuvy [or something similarly vague]?”. “Speaking.” “This is Capital One here, I need to speak to you on an urgent personal banking matter. For security, could you please confirm your date of birth.”
Hang on, whose security are we talking about here?
“I’m not giving you my date of birth. It’s personal information. I don’t even know who you are.”
Rather impatiently, I was told that if I doubted their identity I could phone them: “You’ve got the number, it’s on our bill.” Gee thanks. I did phone them – even though it cost me 7p plus 2p per minute. Their system told me to key in my credit card number. I did. It told me to key in my date of birth. I didn’t. The system put me through to one of their callcentre folk. He asked me for my date of birth.
“I said no. I’m not giving you my date of birth. It’s my personal information.”
“But if you don’t pass validation, I can’t talk to you. The system won’t let me see your account until you give me your date of birth.”
“So you want my date of birth because your system requires it?”
“But it’s my personal information.”
“But I need it for security.”
“Then you’ll just have to write to me, won’t you? Goodbye.”
After that second call, I had a think about why I wasn’t playing – until then, I’d been reacting out of sheer irritation, partly at my own stupidity in forgetting the payment, partly at the mere fact of being called from a callcentre. My date of birth is my personal information. If it is so valuable a piece of information that it can validate my identity, then I don’t want to give it to someone I know almost nothing about – even if I’m sure they are indeed working in Capital One’s callcentre, I still know nothing about their personal integrity. If, on the other hand, it isn’t a valuable piece on information (because actually it would take very little effort for anyone else to find out my date of birth), then the charade of giving it “for security” as though it is some kind of meaningful token is merely demeaning.
Call number three was pretty similar. Call number four came on Saturday morning. By that time, of course, I’d actually paid the bill, but Capital One’s systems apparently didn’t know that.
“Can I have your date of birth?”
Sigh. “You have to pass validation or I can’t talk to you about your account.”
“So don’t talk to me about it.”
Sigh. “We aren’t going anywhere.” You got it. “You’ll have to put up with the calls.” She hung up.
Call four tried reasoning with me. “Why won’t you pass validation? You can ring us so that you know we’re Capital One.”
“I have rung you – and was asked for my date of birth.”
“Well, you have to pass security.”
“Not if it means giving you my date of birth.”
“We’re complying with the Data Protection Act.”
Well, no you’re not. You’re just trying to limit your risk under the Data Protection Act. Different thing altogether.
“You can ring us if you don’t believe we’re Capital One.”
“I don’t have any doubt that you’re Capital One – I’ve spoken to enough of you over the past 24 hours. My date of birth is my personal information. I’m not going to give it to you. In fact, I don’t even know what you think my date of birth is.”
“We aren’t going anywhere. You’ll just have to put up with the calls.”
“So you’re telling me you’ll keep ringing until I give you my date of birth? That sounds like harassment.”
“It’s important that we speak to you about your account.”
Not to me it’s not. At least, not if I have to bend to your will to enable you to do so.
But she’d rung off.
There was a call five, and may even have been a call six before Capital One’s systems obviously twigged that they’d actually had their money. The later callers were bad-tempered from the outset – their system may not allow them to see my account details until I’ve “passed security”, but it sure as hell let them see a note reading “This One Is Trouble” or words to that effect. The words “we’re going nowhere” were repeated. The threat to keep phoning was repeated.
This is a mess. I’m not precious about my date of birth. In fact, I am happy to give £10 to your favourite charity if you (so long as you’re not someone I know well) are the first person to email or DM me my date of birth any time before the end of April – but only £10, because I don’t believe it will be particularly difficult. So while I can think of lots of scenarios in which my supplying my date of birth provides some evidence of my identity, I can also think of lots of scenarios in which it proves nothing of the kind. I can also think of scenarios where a callcentre worker quietly harvests personal information to use for their own illicit purposes. Why should their systems pander to their paranoias rather than to mine? Capital One have never explained to me the systems they have in place – if any – to prevent their callcentre workers (overseas) from misusing my personal information.
Then there’s also that whole callcentre thing. The significant pause after you answer the phone, which means that a machine has dialled your number, not a person. The ridiculous “How are you today?” greeting. The utter failure to accommodate – the failure to have a Plan B for dealing with the maverick client – because “The system requires it”. This is not customer service – it’s (attempted) customer management.
I wouldn’t object to sharing a secret with Capital One – a password, a question and answer, some facts about my account. I wouldn’t mind if their callcentre staff were free to negotiate around establishing identity and to make a judgement on the basis of a conversation. But date of birth has become the standard mechanism for authentication, in spite of the obvious nonsense it is. And of course Capital One isn’t the only company to act like this – it seems to be pretty universal. It’s “what the system requires”. Well, not from me. Sorry.