Sorry, but I'm still not sure I follow you...
Are you saying that if a person is able to successfully log in to their online account and get the PIN, they have been sufficiently authenticated so that when they give the PIN to the phone rep, it proves they are the rightful account holder, but that the phone rep knowing the PIN is okay?
But what is the difference between the Rep seeing your password and seeing your PIN in plain-text?
There is no difference!
BTW, to rewind for a second...
At the beginning of this thread, I stated that my friend called his bank about his credit card, and the phone rep gave out the first letter of his password.
I think that is a bad idea, and several people here agree with that.
But as far as it being a bad idea that the phone rep can see your password in plain-text, I have to ask this...
Most banking phone reps can see:
1.) Full Name
2.) Billing Address
3.) Last 4 of your SSN
5.) Mother's Maiden Name (maybe)
6.) Other sensitive info
All of that is displayed in plain-text on their screens as well.
If you, or whoever brought it up, thinks that letting a phone rep see your "password" in plain-text is a bad idea, then by that logic, a phone rep shouldn't be able to see things like #3 - #6, right?
And to your point above, they should not be able to see your PIN.
See the contradiction?
All of this security stuff is a trade-off, I suppose. But what caught my attention was the fact that a phone rep would help you figure out what your "secret code" is?!
I trust that a banking phone rep has been properly vetted, and so they have to be able to see some of your private info. But to give out that info to someone who has not been authenticated - or who even has been authenticated - is a horrible idea.
It's one thing to say, "Your secret code is your pet's name" and quite another to say, "Your password begins with a 'T'..."
Anyways, this is an interesting discussion!