@Nuke
"They totally ignored her letter telling them the change of address because anybody could have written it."
Well, yes, you'd have been f***ing furious if they'd changed her address because some nefarious person had written to them. It used to be the most common way of defrauding an account back when I worked in a branch (yeeeaaars ago). Not to mention that relying on a letter sent (presumably) unregistered with no guarantee of delivery and assuming "job done" isn't the best technique for changing your address. I take heart in the fact that my bank (not Barclays) only lets me change my address in person or over the phone subject to the normal ID procedures.
Besides, I'm guessing the statement was about *online* security..