User identification in banking institutions is carried out by sending an SMS with a unique code to the user’s smartphone. Bank employees are asking customers to provide this code. And, as the financial institution claims, such a transfer of information does not pose a risk to the client’s funds, as it is indicated in the SMS which codes can be reported to bank employees, however, such requests may develop certain stereotypes of the user’s behavior and the habit of reporting information to bank employees upon request. So, some received codes are necessary to complete the operation to write off funds from the account. It is such information that cannot be transmitted to bank employees. It is completely safe to send SMS codes when connecting additional services. However, some banks also use SMS codes to identify users. Experts believe that this practice should be abandoned, as users can get used to transmit any codes without paying attention to the data privacy warning received in SMS. The criminal who called on behalf of the bank and requested SMS codes, in the end, can gain access to funds of trusting customers.