We have all experienced phishing attacks (Calls for a change in data law grow, 14 July). Ah yes, one thinks as one opens the mail, I bank with you therefore I will gladly share my personal details, PIN number, date of birth and mother's maiden name with you.

How many times have banks stated that they would never seek anything as personal as a PIN number? Why should the banks always be made culpable when sometimes the actual issue may be the consumers themselves.

I understand that this is not necessarily always the case, but on some occasions, the naivety of the individual customer should come into the equation.

Mark Elkins, SAS UK