Dear M&S why oh why do you need so much PII to log me in?

I needed to phone my credit card provider today. The telephone login procedure to their overseas call centre raised alarm bells for me. Too much PII. So I’ve emailed them as follows:-

I just had to call CS as website was not allowing logins. I am concerned about the amount of PII that I had to give your operator to login.
I was asked for:-
My CCN (obviously needed)
Firstline of my address
my postcode
and my password.

This imo is excessive. You *do*not* need all this information to identify me when I call you. All your operator needs is my CCN and my password. Otherwise why set a password?!?
I would be more than happy to discuss this at length with your IT / security / infosec department. Please get them to call me Peter 077** *** *** many thanks for your help. I look forward to hearing from you. <email ends>

How much Personally Identifying Information do you give away when you call your bank or credit card company? Too much? The right amount?


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s