No bank (where I'm from) will do such a thing by the phone.
Piru's bank sounds similar to mine. When I log in to my bank, I have to state my birthdate+social security number (DDMMYYYYxxxxx), my personal password and the current validation code from the bank (four digits, changes for every login). These codes are either snailmailed to you, or generated using your credit card and a hardware dongle.
Then, when you're about to commit a transaction, you have to punch in another validation code from the bank.
I think your odds are better looking for an exploit of some sort.
