I got a call claiming to be from my Discover Card. The caller asked me if I wanted to make a balance transfer at an attractive rate. I said, "Sure, but I won't give you my credit card numbers since you can't authenticate that you really are Discover Card."

Triumphantly, the agent told me the last four digits of my credit card number, my "member since" date and my last transaction. While this does indicate that the caller has access to my bill or account (or did at one time), it does not authenticate them as Discover Card because they could have stolen a bill from my mailbox.

More insidiously, they could have dialed a wrong number or a house guest or sitter could have picked up the phone. They did not authenticate me before giving me the personal information that they were so proud of. Not that they could have authenticated me since I would be reluctant to provide any personal information to someone who I did not already know was authentic and authorized.

I asked if there was a way to contact them through my number on the back of my card. They said no, but "I can make a notation on your account and customer service can verify its authenticity and you can call me back on a separate number." While just possibly securely authentic (if the employee isn't steering me to an illegitimate outsider), it requires me to make two calls. Why not just call the credit card directly and speak with someone else? I could, but my guy would have trouble getting a commission on the transaction. Maybe they should arrange for a share of any transfers I initiate in the next few minutes or ask for me to do a three-way call to my issuer.

I like checks better. They only go back to the offering party after they have been cashed and even then there might not be any evidence of what account I paid off.

I spent 1985-2000 close to IBM's "crown jewels" corporate software. Coming in with only outdated mini and current PC experience, it was a revelation to learn about, e.g., DB2 as compared to 1985 PC database products, and watch the latter on their long and often painful climb towards minimum corporate standards.

Your story suggests that at Discover, there's a long and painful way to go before even the fundamentals of security w/r/t account info are driven from IT (assuming they have a clue there(?)) to the telemarketers.

Sounds like another reason not to have a Discover card....

I still have nagging doubts that those people were from Discover. OTOH, they may have been willing to waste time in a way that a conman wouldn't.