One of my banks refused to talk to me over the phone and informed me to go to a branch with 2 pieces of ID. Fair, it was a credit card opened online.

Only to find the 2 pieces of ID were just for them to talk to me and ask for more documents. Rubbish like employment letters (uhhhh, how about YOU call my employer instead of me printing out the “letter” they’ll email me?) or tax return stuff mid-year.

I cut up the credit card and mailed the pieces to their legal department. Someone called me pretty quick and without any authentication hassles.

This is very much my experience.

I generally say at some point before terminating the call "you should not train your customers to give out account access credentials to strangers" and the caller usually has no clue what I mean. Does no one in the security teams have theory of mind?

This will be the way I bring up the issue with the regulator if I do. I can think of many ways round this issue that would be much safer and not especially arduous.

That’s wild. If my bank needs something from me they send an email saying that a message is available in the online portal - or in some cases they send me a physical letter. Anything else would be highly suspicious

Just don’t answer the phone. If it’s something important they know how to reach you, or they can leave a voicemail.