I sent Peoples Federal Savings Bank the following message through their Web site on June 11:

I have just used your new telephone banking system, which I assume was introduced as part of the computer conversion this past weekend, for the first time. I am very disappointed, both with the way the rollout of this new system was handled, and with some of the new system's functionality.

Using part of the customer's social security number as an initial security code is astoundingly poor security. This means that if someone gets their hands on a customer's account number and social security number (which can be done, e.g., by getting a copy of the customer's credit report, which is all too easy to do, or by digging through the customer's trash, or even by stealing the customer's wallet and getting the SSN right off of his driver's license!), he can manipulate that customer's accounts however he wishes through the telephone. The whole point of a PIN is that it is supposed to be a secret that is known only to the customer and the bank; a social security number just doesn't qualify. As someone who works in the field of computer security, the fact that you considered this an acceptable thing to do shakes my confidence in your ability to protect my private information, to the extent of making me consider taking my business to another bank.

Perhaps it is appropriate to use the last four digits of the customer's social security number as a temporary PIN when creating a single new account. But when you use it for the PIN of *every* account, anyone who finds out about this (i.e., all of your customers, the first time they use the telephone banking system!) can take advantage of it to compromise other customers' accounts.

I hope and pray that this conversion didn't also change customers' PINs for ATM transactions. If it did, then anyone can steal a customer's wallet and use his ATM card plus the SSN on his driver's license to withdraw money from his account!

Why weren't we notified in advance that the conversion would change our PIN? You didn't enclose any notification in my monthly statement. You didn't post any notification in the bank (at least not as of when I was there last week). This is simply not acceptable.

The system told me to enter the last four digits of my social security number if I was using it for the first time. However, it didn't then force me to immediately select a new PIN which is *not* part of my SSN. I had to do this manually. This is almost as bad a breach of security as using the SSN in the first place; if you must use an insecure PIN temporarily during a conversion, the least you can do is make people change it as soon as possible.

When I changed my PIN through the telephone banking system, the new PIN I entered was effective for *all* of my accounts, not just for the one account whose number I entered before changing the PIN, but the system didn't tell me this. It should have.

When listing the types of accounts about which account information can be retrieved, the first choice is "checking," but it really means "checking or money market." It should say so. The old system did.

In the old system, when you requested a transfer and it repeated the information back to you for confirmation before doing the transfer, the first piece of information it gave you was the amount of the transfer, which makes sense because that's the only piece of information that's likely to be incorrect (after all, the account numbers have already been verified by the system). The new system repeats both account numbers in full before giving the amount. This is a silly waste of time. It should repeat the amount before the account numbers.

The old system's confirmation numbers were eight digits long. The new ones are ten digits long. That's just too long. In the old system, I never had to ask the system to repeat a confirmation number; today, I did. I can't imagine that you have so many transactions going through this system that the confirmation numbers need to be that long. It's unreasonable to force human beings to compensate for design defects in computer systems -- the system should be designed in such a way that shorter confirmation numbers can be used. Consider, for example, that when I call my health-insurance company (Blue Cross Blue Shield of Massachusetts, which I'm sure you know is very large), the confirmation numbers they give me are only five digits long.

Several of the voice prompts in the system say "PIN number," which is redundant. Say either "PIN" or "personal identification number," but not "PIN number."

Thank you for your time.