Certain industries and companies employ one or more telephone systems for purposes of conducting sales, customer support, providing interactive services, and the like. For example, a banking institution may provide phone-based account services that provide customer access to a live bank representative, access to an automated interactive voice response (IVR) system or a combination thereof. The identification of the caller must be determined and verified. Conventionally, such verification includes user input and/or verbal exchange of verifying data, such as a government identification number, mother's maiden name, account information, past transaction details and the like. However, this manual exchange of data takes time and resources, and thus multiplies the costs of the provided services. Moreover, because every subsequent authentication exchange may involve communication and remote storage of personally identifiable information, it multiplies a user's risk of identity theft and exposure through data breaches.
In other instances, an institution may provide computer-based account services that provide customer access to banking services, in which user or client device verification includes an exchange, entirely over a data channel, of verifying data such as a user name and password. However, this approach is impossible without access to a data channel. Moreover, a fraudulent user can bypass the security aspects of a data-channel approach by spoofing a legitimate user's phone number and calling the institution, claiming that a data channel is unavailable or not working, and then verbally providing account details obtained elsewhere. Even in authentication systems that offer two-part authentication, where the institution provides a one-time passcode via email or phone call, the exchange of information requires a data channel, and requires additional delay for receipt of the passcode and user entry of the passcode.
What is needed is a system that efficiently—and securely—exchanges authorization data, minimizing or eliminating the need for a customer to verbally or tactilely provide authentication data, while enhancing the reliability of authentication.