Thanks for the best answer Canary :)
Rowanwitch, any legit bank won't tell you that information (direct debit) unless you pass through security, however you make a good point, if the scammer does try to guess one, that alone will prove that the caller is not from the bank.
The password system isn't something that the bank or other businesses (the majority anyway) like to advertise, which to me is ridiculous. I think that all banks and other businesses should have such a password system. It's a perfect way to increase security and most systems, if not all, would allow for it.
My OH and I are scam baiters; everything from telephone calls, emails and text message scam baiting. There's nothing nicer than wasting a scammers time.