I needed to phone my credit card provider today. The telephone login procedure to their overseas call centre raised alarm bells for me. Too much PII. So I’ve emailed them as follows:-
I just had to call CS as the website was not allowing logins. I am concerned about the amount of PII that I had to give your operator to log in.
I was asked for:-
My CCN (obviously needed)
First line of my address
and my password.
This imo is excessive. You *do*not* need all this information to identify me when I call you. All your operator needs is my CCN and my password. Otherwise why set a password?!?
I would be more than happy to discuss this at length with your IT / security / infosec department. Please get them to call me: Peter 077** *** ***. Many thanks for your help. I look forward to hearing from you. <email ends>
How much Personally Identifying Information do you give away when you call your bank or credit card company? Too much? The right amount?