Written evidence submitted by Richard Sarginson


Recently, there was a case in Worcester in which scammers deprived a family of all their savings. It is a continuing theme on various television and radio programmes.


This proposal is intended to greatly reduce these scam incidents by giving confidence to the public to rapidly end scam phone calls by allowing them to identify fake callers. (The normal mantra about the things banks, building societies etc will never do would continue to apply.) 


Should it prove workable, it would stop the vast majority of such incidents that use phone calls, providing the general public were willing to protect themselves by joining a simple scheme and remembering three words of their own choice.


The Problem

The problem is that when a member of the public receives a phone call, they have no means of telling the real identity of the person calling them.


The Scheme

This scheme gives the public a means to do this and would cover all financial companies so that their money could be protected no matter how many accounts they hold throughout the financial sector.


How it works

Each member of the public signs on to the Stop All Scammers (SAS) system and sets up three words known only to that person. Those words are held in a central computer system. Numbers would be allowed as well as letters.


All financial companies are required to join the SAS scheme and they have access to the database of the words chosen by individuals in order that their customers can ask a simple three-part question. This then means that any registered individual member of the public would only need to remember three words no matter which company they were talking to.


The question below would be asked by the member of the public at the beginning of any conversation to establish bona fides of the caller; however, financial companies would still stick to their existing rules as to what they will, and will not, ask a customer about over the phone. This needs to be a formal and invariant exchange. This just explains the basic principle.


Suppose my three words are ADVICE, NEVER, REFUSED (known only to the SAS computer system).


The questions (the letter number chosen at random each time) asked by the member of the public receiving a phone call are:

    1. Give me the fifth character of the first word         answer C

    2. Give me the second character of the second word       answer E

    3. Give me the fourth character of the third word        answer U


The employee from the financial company would need to have access to the system and would be given the required information only (i.e. the 3 letters) to answer the specific question, not the three words. A correct response would mean that the person was a genuine employee with access. An incorrect response (or attempt to repeat a question already asked) would show that this was a scam and the correct thing to do would be to put the phone down. All telephone conversations with a bank or building society would need to start with this exchange of information. If it is not offered or not carried out correctly, hang up.
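The exchange described above, sketched in Python as an added example that is not part of the original submission. The class, the function names and the member id are hypothetical, and the in-memory store stands in for the central SAS system, whose design the submission does not specify.

```python
import secrets


class SASRegistry:
    """Stand-in for the central SAS system (hypothetical design)."""

    def __init__(self):
        self.words_by_member = {}  # member id -> the three secret words

    def register(self, member_id, words):
        # Three words; numbers are allowed as well as letters.
        if len(words) != 3 or not all(w.isalnum() for w in words):
            raise ValueError("exactly three words of letters/numbers required")
        self.words_by_member[member_id] = [w.upper() for w in words]

    def answer(self, member_id, challenge):
        """Give the employee only the three requested characters, never the words."""
        words = self.words_by_member[member_id]
        if len(challenge) != 3:
            raise ValueError("a challenge is one position per word")
        letters = []
        for word, position in zip(words, challenge):
            if not 1 <= position <= len(word):
                raise ValueError("position outside the word")
            letters.append(word[position - 1])  # positions are 1-based
        return "".join(letters)


def new_challenge(words):
    """Member's side: choose one random character position per word."""
    return tuple(secrets.randbelow(len(w)) + 1 for w in words)


def caller_is_genuine(words, challenge, reply):
    """Member's side: compare the caller's reply with the expected characters."""
    expected = "".join(w.upper()[p - 1] for w, p in zip(words, challenge))
    return reply.upper() == expected


if __name__ == "__main__":
    my_words = ["ADVICE", "NEVER", "REFUSED"]   # the words from the example above
    registry = SASRegistry()
    registry.register("member-1", my_words)     # constructed member id
    fixed = (5, 2, 4)                           # the three questions in the text
    print(registry.answer("member-1", fixed))   # characters shown to the employee
    fresh = new_challenge(my_words)
    reply = registry.answer("member-1", fresh)
    print(fresh, reply, caller_is_genuine(my_words, fresh, reply))
```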


All financial companies should be required to join the SAS scheme. That ensures uniformity and simplicity for the general public.


It would need to be administered and run centrally, as all finance companies would be required by the FCA to join to provide the required protection for all the public. This then ensures there is a single system across the whole industry and any individual customer need remember just three words.


It would need to be free to customers to ensure maximum uptake.


Further details of the initial exchange of information

There would be a need to ensure that employees of a bank etc. using the SAS scheme were properly identifiable to the SAS system. I suggest that, whilst passwords might be used, they are too vulnerable to misuse. Both facial recognition and fingerprint techniques would appear to offer far greater security against the possibility of impersonation.


If possible, it would be best if all companies use the same system and follow an identical script. By doing that, the general public would learn exactly what to expect. Any deviation would be a sign of a scam call and should trigger the call being ended immediately.


All calls are, I believe, recorded by bona fide financial companies and this initial exchange would need to be excluded from any recording.


Other Advantages

There are other telephone based scams. It would clearly be possible for other types of company (than financial) to also use the SAS scheme. Whilst I feel confident that the financial industry would be secure and is well regulated, I am less certain that this would be true for a far wider range of companies. Access by criminals to company terminals might become a security issue, particularly as home working is probably going to increase. Thus it is imperative to ensure that company personnel are properly identified to the SAS system (just using a password would not be enough). This needs further study, particularly if facial recognition and fingerprint ID were thought to be insufficient.


I believe that the proposed SAS scheme could be implemented initially across the financial industry very rapidly should the Government see the advantages of it. It could then be expanded to cover companies/industries where scams occur that rely on impersonation and the inability of a member of the public to know who is calling. 


I would be happy to discuss this further, and would be interested to know the extent of any interest there might be in the idea.


December 2020