My name and date of birth? But you called me!

This morning, a fellow named Brad from NAB called to see how my banking was going. The call was unsolicited and the caller ID blocked. Brad was friendly and polite as he began asking a few questions about my banking habits. You can imagine though, that I wasn’t terribly inclined to answer any of his questions, considering I didn’t know him from a bar of soap.

I asked him if he could provide me with a piece of information from my account, to assure me that the call was legitimate. In order to give any information, he told me, he would need to first obtain some details from me, and began by asking for my name and date of birth. I wasn’t quite sure he was getting the point, but politely let him know that I didn’t really want to do that. We finally arrived at a compromise – I could phone him back on a number found easily on the NAB website. I did, waited on hold and was eventually transferred back to him – a process that took something like ten minutes. Not quite sure why I bothered, really.

There would be a really simple way to solve this. On opening the account (or as part of regular account maintenance), customers could be asked for an “authenticity assurance” word or phrase – a shared secret which could be quoted on an outbound call to provide peace of mind. To me, it seems like this is a total no-brainer security measure and I can’t understand why nobody does it. So I’ve sent them the suggestion, I’m curious to see the response. What am I missing? Why isn’t this done already?