Exactly. Banks need to be aware that data protection goes both ways, and they should teach their customers to check the identity of any bank employee calling them. Training users to give out personal details to people calling them is exactly the wrong thing.
