TOT disclose your PIN

Any dealing I've had with any company in the financial industry have always come with the warning that "we will never ask for your full PIN"

Today I phoned Hargreaves and Lansdown and the first security question was:- "What is your full PIN?"

I'd be more intrigued in your answer ....

The PIN for what exactly?

When I needed support from my landline supplier (they called themselves New Call Telecom at that time, one of their security questions was the password for their web portal. I wrote to their MD and explained to him why I thought that was a Very Bad Idea (tm)

I tried to re-register with a site - I think it was National Savings and Investments.

They said they would pass me to another department to set my password. I was then transferred and asked what I wanted my password to be. I said I was refusing to answer this question as all the advice I have ever received is not to disclose a full password on the phone. The guy said it was a secure line. I said how did he know if my line was secure. How did he know if my calls were monitored? How did he know if I could be overheard? He insisted it was a secure line. I insisted I was not prepared to disclose any password by telephone.

After this stand-off, I spoke to a supervisor, who told me how to complete the task online.

Years ago I bought some diesel from a filling station in the Dales. The bloke was obviously unfamiliar wit the protocol. He said 'Gimme yer yard." I did, and he shoved it in the machine. "Wot's yer number?"

Bill

I had one tool hire place try and use my card to put a CNP transaction through, only to be stopped dead by the fact that I destroy the CV2 number.

When I pointed out he wasn't supposed to be doing that, his excuse was it was cheaper than paying for a C&P terminal.

I wonder how many other businesses are playing fast and lose with customer security this way ?

There are no secure telephone lines in the UK public network. There is no way you can tell if you are being monitored. Any clicks, pops etc. are just line noise.

I said I was prepared to reveal a couple of digits but not the whole number. In the end they are going to send the details I needed by snail mail to the address they have for me.

I'm new to this company as JP Morgan have transferred over their ISA funds as they no longer want this business.

That was my view, but not his.

Maybe its a different pin.

I mean though normally if you buy with plastic you need to disclose the 3 digit number to anyone. I only do this to well known companies which i have had dealings with before. There is though no guarantee of anyone not being able to find your data if they want to these days. Brian

plus net still do this

tim

I am not sure there is a great deal wrong with issuing a temporary password insecurely as long as you can immediately log in and change it. Isn't it a standard Linux way of doing things?

Ah. But the CVV proves that the card is in your possession. If you were to memorise it or -shock, horror- write it down, the whole security framework would crumble. Fortunately, criminals are far too honourable to even consider doing such a thing.

Nick

Have you ever had anyone (for a face to face transaction, not online or phone) refuse to accept a card with the the CV2 destroyed?

This was not given as an option. Maybe I should have been more inquisitive.

If I were the retailer, I think I would refuse on the basis the card had been 'tampered with'.

Well I do. And I destroy the CV2 on the card (harder than it seems). In theory it should never be noticed in C&P transactions.

CV2 is used for CNP transactions.

Nope. Mainly because the retailer never touches the card. (As advised by the banks themselves when C&P came out).

Any retailer that seems to feel the need to handle my card ... well doesn't.