In this world of online fraud, the last thing I would expect from a financial services company, when calling for customer service, is to be asked for my online password as a means of verifying my identity!  This company assured me they were who they said they were, for I did dial their number.  Yet, with Web sites being spoofed these days, and VoIP on the rise, who says that you can’t spoof phone numbers as well?  So, after I refused to give an “in the clear” password over the phone, they said they’d have to transfer me to their “identity verification service.” 
After a long wait, I was finally connected with their fraud unit.  Now, that was interesting.  After presenting my case, they asked what phone number I was calling from.  I gave them my number, still finding it pretty dumb as they could have easily looked at the caller ID.  They acknowledged that the number I provided was, indeed, a number they had on file, so I was then instructed to hang up and they’d call me on that number. 

When they did, I asked again, “Why in the world do you ask for passwords?”  Their response was that they have found this is more secure than asking for a social security number and has significantly decreased fraud.  That’s scary!  How in the heck would they know that?  Maybe they have a clearer conscious against identity theft by not asking for SSNs, but what if the password to my credit card account online is the same password I use to identify my credit card or financial account password vault?!  I graciously asked that they refrain from this “worst practice” and consider some other two-factor approaches.
Sad that this whole encounter with identity was only to get me to a point where I could finally tell them why I was calling.  I had recently disputed a credit card charge (online) but was calling to say that the charge was valid after all.