Are you sure of this? The CSR could also be comparing the hashed/bcrypted/whatever version of the password you give them over the phone to the hashed/bcrypted/whatever version stored in the database.
Given they do this sort of thing, even if they did do fancy hash comparisons when I called them, they still have people's passwords hanging around in plain text elsewhere on the system.
Given they do this sort of thing, even if they did do fancy hash comparisons when I called them, they still have people's passwords hanging around in plain text elsewhere on the system.