Secure communications?

I received a phone-call early Saturday morning from a young lady:

"Hello, can I speak to Daniel Zambonini please?"

"Speaking"

"Hi, Mr. Zambonini.  This is [name] from [bank name].  Can I just confirm some security details?  Can you tell me your postcode and date of birth please?"

"[my postcode and date of birth]"

"Thank you Mr. Zambonini. ..."

We then proceed to talk about my credit cards.  Nothing too specific, but still, I was at this point talking about my credit cards to a complete stranger.

It turned out that it was my bank, but still...   I had not questioned the callers credentials, she had only questioned mine (and then, still only with obvious, publicly available information).  After the initial 'security confirmation', I was compltely convinced that I was talking to my bank, and could easily have given away account or card details.

At this point, it occured to me that my bank should not have phoned me, the contact should always be the other way - especially as they were only phoning to sell me stuff; it wasn't critical.

I was at this point angered enough to decide to send an email, requesting that my bank - and, what the hell, all banks - should never initiate contact over the phone with their customers.  If it is essential, then there should at least be a small attempt to confirm who they are (possibly a pre-arranged challenge/response, or similar).  My email would tell them!

When I got to work on Monday, apathy had set in, and I decided not to send an email.  But I pity the next salesperson to phone me.