I just had to blog this straight away - seriously it has to be the funniest, stupidest, so-called "security" measure, like evarrr!
I use Vodafone as my mobile phone service provider and my phone service contract is up for renewal shortly. I fought my way through the takeoption1thenoption2thenoption4 mindfuck I eventually got to a human being. I then went through the half dozen who are you questions all bar one of which were on my statement and the last one of which was my birthday. D'uh - like that's hard to find out!
Before I even got to the "lets talk about my contract" bit I was offered Vodafone's "PIN Service". "What's that?" I enquired. The young lady then explained that it would give me quicker, more secure access to my Vodafone account than going through all the questions she had to ask me.
Great I thought - at last they are stepping up the security on my account. Excellent. About time too.
So, without too much more thought I said "Yes please, that would be great". So the young lady at the end said "What is it?"
I'm sorry, I replied, what do you mean? Do I have to give you my PIN? Yes, she said. I have to key it in to the system.
I must confess to laughing at her for this - I know it's not her fault and I told her so - but giving a PIN number over the phone just made me giggle. Now, I am sure the lady I spoke to is as honest as the day is long but please - a manual service for PIN number management? Let's take an example:
She has all my details in front of her. She now has my PIN. She has God access with that information. She, any of her colleagues or people outside could call back in, get information out (e.g. how I pay my account each month) and then off they go. Phishing expedition without a problem. Oh and if you, like me, have all your cards controlled by a single PIN then the options become fabulous for a criminal.
Come On Vodafone - weak effort. Do it like the banks. Send out a PIN in the post and let us change it through the call centre system. Very Weak Effort so far.