Re: How to authentificate an user via telephon?

[Brad Arlt <arlt () cpsc ucalgary ca>]

On Wed, Dec 04, 2002 at 11:05:22PM +0500, Muhammad Naseer Bhatti wrote:
> What my credit card company has done, when you call their
> help/support desk for any assistance, they first authenticate
> you. They do it by letting you enter your secret pincode into the
> system. The computer authenticates the code and thus you are
> authenticated. Then the operator manually fulfills your request. I
> think this may work out for you as well.

This jogs my memory, one of my credit card companies verifies the
correct person got the card by having you phone from the phone number
you specified on your application.  They do this for other things as
well (not cancelling the card, thankfully), such as inquiring about
billing information.

Depending on the silliness of the phone numbers placed on your
application forms (or whatever you want to call them), maybe mother
maden name and they are calling from the "correct" phone number.  This
would prevent the need for call backs to verify identity.  You could
even tie in the phone number with customer records such that they
appear automatically when the phone rings.  But that is beyond the
scope of this thread :)
-----------------------------------------------------------------------
   __o          Bradley Arlt                    Security Team Lead
 _ \<_          arlt () cpsc ucalgary ca                University Of Calgary
(_)/(_)         I should be biking right now.   Computer Science