Barclays call security

My main account is with Barclays. Today I got a call from them and it was good to see the new way they have implemented for customers to confirm if this is a genuine Barclays calling.
I was first sent a text message that they will call me with the details about what’s it about and last 4 digits of the phone number of what they will call from then on call they asked if I have Barclays app and then asked me to check the notification and confirm.

Screenshot_20210611-114022~2945×2047 133 KB

This seems to be a really good way to make sure their customers can avoid fraudulent calls.

I’m not sure about the text message part as that could easily be done by a fraudster. However, the in-app notification is a very good idea.

They have had that for a long time, actually. Works really well, and is so much easier than having to call them back.

I hope other banks will eventually implement this too!

Yes, my thoughts exactly. In fact I’d suggest they scrap the text all together otherwise it’s pretty mixed messaging: one form of notification you can trust (push) and one you really can’t and shouldn’t (SMS). I don’t think it’s wise for banks to get customers into the habit of taking what an SMS says as genuine reassurance, considering how easily they can be spoofed.

Push notification would be better but as described they asked if they had the app. Presumably not everyone does.

True. The thing is there are criminals who use coordinated spoofed SMS messages and spoofed caller ID phone calls to scam victims, so I’m slightly concerned about Barclays reinforcing this. They’re teaching customers that so long as they receive a text beforehand notifying them of an imminent call, it can be trusted - which quite simply is not the case.

Starling has an Authenticator code in-app which changes every 30 seconds or so, to check on callers.

On the call person told me their name and then the same name was on the notification.