Security Crisis #94: "Can I have the long number on your card?"

I recently experienced what is probably an everyday occurrence, but it still rather shocked me.  I was on a packed commuter train when a young lady made a phone call, talked for a bit about some purchase she had made, and then proceeded to rattle off all her personal information: name; address; date of birth; credit card details. 

Anyone in our carriage could have taken down those details and gone on a wild spending spree - and with the ubiquity of mobile internet probably cleaned out her account by the time she got off the train.

There should be just as many rules, and equally strict penalties, for companies that allow customers to read out their details over the phone as there are for online card payment transactions.