His real problem seems to be they sent him his PIN when he didn't ask for it.
As for sending the PIN in the mail, sometimes people forget their PIN. He lists three forms of communication he claims are more secure: voice, fax & inbox on the https site. Banks can more easily verify the mailing address because it's easier. At least with that you've got a mailman checking that the name matches the address. I realize that's not foolproof, but what is? It's easier than trying to verify a phone or fax number actually belongs to the right person. And with https, not everyone owns a computer, but it's rare for a bank opening an account for someone without a fixed address. Even when account statements are sent to a P.O. Box, they generally ask for a physical address for their records.
All three can be secure if there's proper authentification, but again, if he didn't need or ask for it in the first place then that's the real problem.
Edit: another problem with voice is the the bank employee on the other end of the line has to be able to see the plaintext PIN to speak it. Banks I have worked at strictly limited the number of people with access to that info, you couldn't just walk up to a teller and have them look up your PIN, for example.
As for sending the PIN in the mail, sometimes people forget their PIN. He lists three forms of communication he claims are more secure: voice, fax & inbox on the https site. Banks can more easily verify the mailing address because it's easier. At least with that you've got a mailman checking that the name matches the address. I realize that's not foolproof, but what is? It's easier than trying to verify a phone or fax number actually belongs to the right person. And with https, not everyone owns a computer, but it's rare for a bank opening an account for someone without a fixed address. Even when account statements are sent to a P.O. Box, they generally ask for a physical address for their records.
All three can be secure if there's proper authentification, but again, if he didn't need or ask for it in the first place then that's the real problem.
Edit: another problem with voice is the the bank employee on the other end of the line has to be able to see the plaintext PIN to speak it. Banks I have worked at strictly limited the number of people with access to that info, you couldn't just walk up to a teller and have them look up your PIN, for example.