In modern society, many financial transactions are now performed electronically, e.g. using credit or debit cards, by performing transactions over the Internet and/or by using mobile telephony protocols to name but a few examples. The authenticity of such transactions is typically ensured by the use of some verification data that can only be known to the user, e.g. (selected characters from) passwords and so on.
Nevertheless, such transactions can be sensitive to fraud, e.g. because credit or debit card details have been stolen or because the security of user authentication information has been compromised. Fortunately, many financial institutions, e.g. banks, perform rigorous security checks on most financial transactions, and contact a customer in ease a particular transaction cannot be trusted. Such, contact is typically performed by telephone, with the call being initiated by an employee of the financial institution asking the customer to divulge details of the customer's security information in order to verify the identity of the customer.
However, such contact itself is susceptible to fraud. A customer may be contacted maliciously over the telephone by a caller posing as an employee of a financial institution in order to obtain the security details of the customer with the intention to defraud the customer by engaging in financial transactions using the customer's funds. It can be very difficult to detect such malicious calls. The caller ID may be withheld, or may be fraudulently altered (spoofed). Although a vigilant customer may verify the identity of the caller by requesting a phone number that the customer can call back and subsequently contact the financial institution to verify if the provided phone number can be trusted, this is rather cumbersome and does not avoid the risk of a customer erroneously trusting the identity of a malicious caller.
Attempts have been made to facilitate the recipient of a call to establish the authenticity of the caller, for instance, a service that handles incoming telephone calls without bothering the telephone subscriber. The service permits a call to go through to a subscriber if the service determines that the call is not unwanted and the caller has been unauthenticated. The authentication is based on challenging the caller to prove its identity rather than relying on caller ID displays. Prospective callers pre-register with the service providing caller account information. When a caller is issued a challenge, the caller may prove its authenticity by supplying the challenge back to the service along with its registered information. Although this service avoids a subscriber being subjected to unwanted and fraudulent calls, a disadvantage of this approach is that it requires active implementation by a service provider and several process steps before a caller can be connected to a subscriber.