Verification for Customer Support Using 10 Digits of Credit Card?

• 

  Cheapkiwi on 12/07/2025 - 18:23

  No..
  NO

  • 

    Bill on 13/07/2025 - 05:50

    That was my initial reaction as well. But sounds like it's all safe.

• 

  CheapAzChips on 12/07/2025 - 19:44

  It's slightly unusual that you would be asked for all those digits, but first 6 and last 4 is indicative of a common (but somewhat outdated now) "masking" scheme. Digits 7-12 are replaced by an asterisk, so the full card number is not visible to employees. These days best practice is to not allow any card details to be visible to employees (eg by taking card numbers by automated phone methods), though typically you'll still usually see the last 4 digits printed on most EFT receipts.

  The main thing here is that you shouldn't give anyone any details to "validate your identity" unless (a) you are certain they already have the info on file, and (b) that the person on the other end of the phone is actually who they say they are. If they called you, hang up and call them back on a verified number.

  If you called them on a legit number (not a random one texted/emailed to you) and you know they have your card on file then giving them those numbers probably isn't too much of a concern, however odd it might be.

  • 

    CheapAzChips on 12/07/2025 - 19:45

    Sorry, just reread your message that it was Skinny chat. Same thing applies. Odd, not best practice, but probably safe.

  • 

    Bill on 13/07/2025 - 05:47

    Being asked for the last 4 digits of the saved payment card is very standard to verify your identity. It's visible everywhere it's saved so you can know which card it is. What threw me off is the first 6 digits, I've never been asked for that before. It's also not visible on my account so I don't think they should be able to see it either. I don't know why the last 4 digits isn't enough to verify I'm the account holder.

• 

  tehyitz on 12/07/2025 - 21:06

  First 6 would only reveal the card issuer… personally I wouldn't mind for purpose of refunding.

  • 

    Bill on 13/07/2025 - 05:42

    Thanks, sounds like it will probably be fine then.

• 

  Bill on 13/07/2025 - 05:40

  A different person this time responded, and doubled down on asking for all 10 digits after I gave them the last 4. Two people asking for the same thing makes me feel more comfortable that this is at least somewhat standard practice.

  https://files.cheapies.nz/upload/11645/5624/1000145470.jpg

• 

  kiwical on 13/07/2025 - 08:36

  Yeah I guess if someone else had access to your account they would be able to see the last 4 themselves. First 6 adds another layer of security not normally visible to anyone but someone who had all your card details. IE only you (hopefully)

  • 

    Bill on 13/07/2025 - 10:57

    If someone else had access to my account they could put their own card on there themselves.

• 

  2cheap on 13/07/2025 - 12:03

  I rang a big bank a few years back and support asked for my pin. I said no and got put through to an automated confirmation portal. Was a very odd experience. Yours sounds safer as others have said.

  • 

    Drcspy on 13/07/2025 - 14:24

    There's NO way I'd give out a pin number - even to the bank.

    • 

      2cheap on 13/07/2025 - 14:28

      That's what I said. 'you state don't give pin to anyone, so no'. He sighed and put me through to the automated system. Bizarre request.

      • 

        Alan6984 on 13/07/2025 - 16:33

        That's what I said. 'you state don't give pin to anyone, so no'. He sighed and put me through to the automated system. Bizarre request.

        Sounds to me like the CSR was acting well outside of the bank's SOPs.

        You might have had a brush with a 'Rogue Agent'!

        • 

          Jexla on 13/07/2025 - 21:24

          @Alan6984: Might be a misunderstanding. I know with ANZ you can (maybe could) have an account PIN that has nothing to do with your cards PIN.

          • 

            Alan6984 on 13/07/2025 - 23:15

            @Jexla:

            Might be a misunderstanding. I know with ANZ you can (maybe could) have an account PIN that has nothing to do with your cards PIN.

            Okay, but then wouldn't the PIN entered into the automated system (that 2Cheap was transferred to) have failed as it would be the wrong 'type' of PIN?

            • 

              Jexla on 14/07/2025 - 09:33

              @Alan6984: Depends if you make your account PIN the same as your card PIN I guess. 2Cheap also didn't even mention if it failed or was accepted, so you're actually just assuming. Either way, putting your card pin in via the automated system of the bank who issues the card is not at all concerning.

              • 

                Alan6984 on 14/07/2025 - 10:30

                @Jexla:

                2Cheap also didn't even mention if it failed or was accepted, so you're actually just assuming.

                I think we can credit 2Cheap with at least a modicum of intelligence, and that they would not have brought all this up, if the PIN they got asked for was not, in fact their card PIN, but a different 'account PIN' that was used for this exact purpose.

                • 

                  McFarty on 15/07/2025 - 17:29

                  @Alan6984: The way you respond to any curveballs is worth a praise.

                  • 

                    Alan6984 on 15/07/2025 - 19:51

                    @McFarty:

                    The way you respond to any curveballs is worth a praise.

                    ;-)

• 

  2cheap on 14/07/2025 - 13:20

  I did not have an ID pin setup, IIRC they were asking for a card pin. I declined and got put through to an automated system to identify myself. All normal after that. I had dialled in to the call centre so I didn't just hang up on them.

• 

  AaronP on 15/07/2025 - 08:01

  Skinny are all sorts of "not best practise" (I'm being polite) but thats how they do ID checks, you can say no and select one of the other ID options like Mothers maiden name etc