In my continuing existence as a crash-test dummy for customer service, I attempted to make use of my credit card provider's shiny new online activation system. It asks you for the CVV from the back of the card, plus two random letters from your mother's maiden name - or, I presume, some other thing related to your security question. Predictably - for me, anyway - it didn't work the first time I tried it. I tried again just now and it asked for the 12th and 13th letters of said name. The name in question isn't nearly that long. So, I resorted to phoning the callcentre to activate the card, in passing confirming that they do in fact have the correct name on record, and I've just now offered this as a bug through their online contact system. Really, how hard can it be to test something like this before you roll it out?
update: it turns out that they'd somehow entered the name into the system TWICE, and lost a letter along the way. Excellent.