Comment by DamonHD

This is very much my experience.

I generally say at some point before terminating the call "you should not train your customers to give out account access credentials to strangers" and the caller usually has no clue what I mean. Does no one in the security teams have theory of mind?

This will be the way I bring up the issue with the regulator if I do. I can think of many ways round this issue that would be much safer and not especially arduous.