I’m a long-time Citi Dividends card holder, and I recently received a new card in the mail.

I called the number provided on the card to activate my new Dividends card, and after entering all of my information I was redirected to an actual live person to complete the card activation.

Credit card companies like to make you talk to a real-live person so they can sell you additional services – “Credit Protector” anyone?  And the fellow I talked to didn’t miss the opportunity – he told me how much Citibank “values” me (really! sincerely!) and wanted to make sure that I was “fully protected.”  But that’s another story.

The alarming thing about this call was that he asked for my “Account Password” before starting his pitch. He came on the line, verified my last-4-digits, and said, “And now I need the password that you have on the account?”

Alarm bells!  Why does this guy need my account password?  Don’t credit card companies bend over backwards telling you that they will never, ever, ever ask for your account password over the phone?

Sensing that something was amiss, I replied, “I don’t have a password on the account for phone transactions.”  He said, “Yes, I need to verify your password, it starts with a ‘P’?”  I quickly figured out that he wanted me to confirm my mother’s maiden name, which is attached to the account for security purposes, not my account password.

Why in the world does Citibank have their reps asking for the “account password” when they really mean “maiden name or other verification word?”  I can imagine quite a few people mistakenly thinking that they mean “account password,” and launching into an embarrassing (and incredibly unsecure) “It’s fluffykins12, but with a number ‘one’ instead of an ‘i’…”  And I don’t blame them one bit!

It’s a very confusing and potentially dangerous procedure.  By using the confusing “account password” nomenclature, Citibank is teaching account holders that it’s OK to offer your web password over the phone.  And enabling a foreign customer service rep to quietly keep a list of actual account passwords, for sale later to the highest bidder.

Citibank, change this practice now!