Re: They shouldn't encourage you to give out your 'security' data so easily
The best thing to do is to ask them for a hash of your account balance, salted with the current date and time. Proves that they are the bank (or at least that they know your balance) but is useless to any attacker so the bank should have no security issues with providing it.
Realistically if I go to pay for something and the card machine pauses on authenticating then my phone rings, I believe it's the bank. I've rarely had them ring me up in other situations, why would they? If it's not time critical it's cheaper for them to send me an automated email than pay someone to talk to me.