Don't think about it as not trusting, it's "Trust but verify".
Try to imagine such a scam being pulled and now the company has to answer questions on "why weren't further verifications done? So anyone with a benign number can just do whatever with my account?"
I'm sympathetic to the annoyance of long phone queues but this extends to the support teams that can do everything "right" and still end up raked over the coals because they got social engineered by a scammer or a customer shared what should have been a secret a bit too publicly.
I've dealt with both sides of the concerns in previous jobs in Support orgs, and there is rarely middle ground between "Why do I need to enter the information repeatedly?" and "Why did you work with this person just because they gave a correct number? Our private information may have been exfiltrated!" The latter is better to optimize for IMO as the worst result of failing on the former is that you get complaints. Failing on the latter means a potential data breach incident.
Scam-detection training is done typically for support teams, but it's not perfect, and often a few sanity checks are enough to catch or stop most scams and ensure you're talking to someone actually authorized to be contacting regarding the information.
For analytics, reducing load on call centers by servicing common requests via IVR, call routing, improving call readiness times —- it takes time to find/lookup accounts.
The most critical metric for customer service focused call centers is first call resolution. Customers who call in for the same issue or department on the same day are tracked via the IVR and those metrics are used to decide what the IVR should actually do.
They're probably optimizing your initial rank in the queue depending on perceived customer value/risk of churn. It's OK for this to be wrong occasionally, so the quality of implementation probably matches this requirement. ;-)
But I agree wholeheartedly. It should work and make things smoother. Instead it makes an already painful customer care experience worse.
Try to imagine such a scam being pulled and now the company has to answer questions on "why weren't further verifications done? So anyone with a benign number can just do whatever with my account?"
I'm sympathetic to the annoyance of long phone queues but this extends to the support teams that can do everything "right" and still end up raked over the coals because they got social engineered by a scammer or a customer shared what should have been a secret a bit too publicly.
I've dealt with both sides of the concerns in previous jobs in Support orgs, and there is rarely middle ground between "Why do I need to enter the information repeatedly?" and "Why did you work with this person just because they gave a correct number? Our private information may have been exfiltrated!" The latter is better to optimize for IMO as the worst result of failing on the former is that you get complaints. Failing on the latter means a potential data breach incident.
Scam-detection training is done typically for support teams, but it's not perfect, and often a few sanity checks are enough to catch or stop most scams and ensure you're talking to someone actually authorized to be contacting regarding the information.