Some banks have removed a piece of ID (a secret number) on bank cards so users can change their PIN remotely by phone instead of requiring a visit to the bank.
Unfortunately this has led to increased frauduent cards being made by criminals:
http://news.yahoo.com/s/pcworld/20050803/tc_pcworld/122079

Looks like banks are a slow to pick up on security issues as M$ has been...I suppose when you work 35 stories above the rest of the world in the board room of a multi billion dollar corporation maybe you tend to lose touch with reality...let's see...you never rub elbows with the people who have to pay those new fees you just voted in, you rarely even see them through the black tinted windows of your limo, you haven't walked down the street and taken a good look at the people your decisiions affect, all you ever see is your own bank account and it's not growing as fast as the CEO's...

Well, I've always had a bad attitude about large corporations, especially banks. I left Regions (formerly Nations) Bank when I closed my account for a month then re-opened it soon as I moved and got a new job. They wanted to hold the check for 3 weeks that a relative sent me for gas. I'd had the account for 7 years without one bounced check, (but 3 that were the bank's fault) and had cashed checks on the exact same account several times. When I went down the street to a check cashing store (and paid them a percentage) they simply called an 800 number and verified the account, handed me the money. Why couldn't the bank do the exact same thing? They could, they WOULDN'T. One simple call to a toll free number that took all of 1 1/2 minutes...at most...and they lost a long time customer because of it, I decided I'd had enough.

They had also started charging $3 for 10 blank checks, $1 each for write-in deposit slips (but they only put 5 in your checkbook no matter how loud you gripe) and the people in San Antonio made no attempt at being friendly, they were all business, give us your money and shut up...After 7 years with Nations bank they also denied a small loan to buy and fix up a car because I didn't own my own home and didn't make enough money. HUH??? You mean if I make enough money I don't need the loan I can get all the credit I want...The guy said "Well, that's not what it means"...I butted in and told him to quit lying to me, tore his loan application up, threw it on his desk and told him to put it where it wouldn't get a suntan...No I didn't cuss the guy, "where it won't get a suntan" were my exact words...I think that THUNK I heard as I walked off was his jaw hitting his desk...

I don't think the people who run banks, especially the larger nationwide ones, have a good grip on reality at all. Letting people change PIN numbers by phone is a very bad idea, I think it's just begging for trouble...

Here's a good comparison, I'm wrapping up things on a computer job and I have to call Cox about Email problems, it's not taking the customer's password, Thunderbird or OE, the customer can't remember it so we want to simply change the password and make sure we have the correct one. I'm on the phone with the customer standing beside me, 6 feet away, I have his account number, address, phone number and last 4 digits of social security number written down, so I can assure them I am authorized to access this account...the lady who answered the phone wanted to talk to the customer anyway...Now that's not taking any chances...she could have easily gotten that information from me and taken my word for it I was legitimate. Other tech support people have done so, and of course I was always sitting beside the customer, so it was never an issue.

Changing PIN number should be the same as any other changes in account information, in person ONLY...otherwise you make it easier on the bad guys, who WILL figure out a way to exploit every little glitch.

the lady who answered the phone wanted to talk to the customer anyway.
And how did the lady know that the person you put on the phone was the real customer???

How do you know I'm a real person? anyway.... :D

You have to take someone's word for it sooner or later...but if the customer knows his name, address, phone number, business address and social security number, not many common crooks manage to get that much information. Usually they might have a name and phone number, probably address, but the average crook wouldn't know that this man has all his bills sent to his business address, or that the address on the account was his business address, or other details...And you won't get past the dog to dig in his trash can so don't even think about it...