MBNA's lax attitude towards security
Today I received a copy of the PIN for my MBNA credit card in the post, despite not having asked for it.
In response, I've cancelled my account, and reported their incompetence to You and Yours.
I suppose I shouldn't be all that surprised, since MBNA have a habit of randomly sending out unsolicited cheques (which also has worrying security implications), but I actually found it quite shocking to see the PIN that I'd chosen printed in clear text.
Obviously, in the first instance they generate a random PIN, and print it out, but I was rather hoping that their systems would be set up so that that random PIN, and certainly any PIN subsequently selected by the customer, would not be available in clear text at any time. If I forget my PIN, they should generate a new one, not remind me of the old one. They should not be able to remind me of the old one.
The two people I talked to seemed surprised that I would cancel an account that I've had for about 13 years over a single PIN in the post, but given that that's their policy, I don't think it's a massive leap to think that a corrupt postman might be tempted to collect these PIN letters (which are pretty easy to spot and most of which are not being expected, so won't be missed). Then, assuming that a reasonable percentage of people will match MBNA's laxness by setting all their PINs alike, the criminals will be armed with all the information they need to do a targeted mugging for the card(s), with an average return in tens of thousands of pounds, especially if they hospitalise/kill the victim to ensure they don't get to cancel the cards.
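The design asked for earlier in the post, a PIN that can be checked and replaced but never read back, is sketched below as an added example; it is not from the original post and does not describe MBNA's systems. The `PinStore` class, the account name and the in-memory key are assumptions (a real issuer would keep the key inside an HSM), and `unkeyed_recover` shows why a plain hash is not enough for a four-digit secret.

```python
import hashlib
import hmac
import secrets


def unkeyed_recover(sha256_hex):
    """Weak design: a plain hash of a 4-digit PIN falls to 10,000 guesses."""
    for n in range(10_000):
        pin = f"{n:04d}"
        if hashlib.sha256(pin.encode()).hexdigest() == sha256_hex:
            return pin
    return None


class PinStore:
    """Keeps a keyed one-way verifier per account, never the PIN itself."""

    def __init__(self, key):
        # Assumption: in production this key stays inside an HSM.
        self._key = key
        self._records = {}  # account -> (salt, verifier)

    def _verifier(self, account, salt, pin):
        msg = salt + account.encode() + b"\x00" + pin.encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def set_pin(self, account, pin):
        if not (pin.isascii() and pin.isdigit() and len(pin) == 4):
            raise ValueError("PIN must be four digits")
        salt = secrets.token_bytes(16)
        self._records[account] = (salt, self._verifier(account, salt, pin))

    def verify(self, account, pin):
        record = self._records.get(account)
        if record is None:
            return False
        salt, expected = record
        return hmac.compare_digest(expected, self._verifier(account, salt, pin))

    def forgot_pin(self, account):
        """Replace the PIN with a fresh random one; nothing to 'remind'."""
        new_pin = f"{secrets.randbelow(10_000):04d}"
        self.set_pin(account, new_pin)
        return new_pin  # delivered once, then discarded by the caller

    def stored_fields(self, account):
        """What a database dump would contain for this account."""
        return self._records[account]
```

Without the key, the stored salt and verifier cannot be tested against guesses offline, which is what separates this from the unkeyed hash.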