Over a decade ago, I worked in a bank call centre, first as one of the people who would occasionally make those outbound calls and have those crazy conversations, and then later in their customer experience team. It was well known that those outbound calls to customers were a mess, but it was thought of as tricky to fix. The dilemma was that the risk department felt they needed to identify people, but not only were those people often hesitant to provide any info, we wanted them to be - for everyone else who called them, but not for us.

It was also difficult that when people asked whether they could call back, we encouraged them to, but couldn't guarantee they'd then speak to the same person. They'd need to just talk to whoever they got. That was usually enough to put the person off and they would just take the risk (unfortunately).

Edit: Just wanted to add that I personally didn't want the people to make an exception to their unknown caller scepticism. Perhaps this bugged me more than others, but I would strongly encourage them to call back, and then do my best to get the call-back transferred to me. For that and many other reasons which I like to think of as preferring quality over quantity, my stats were as bad as you'd imagine!

When that bank did really try to tackle this issue, they quickly realised that there was more than one level of risk, and for the vast majority of the calls, we could get by with very little of that customer verification process - basically just that we had called them on a number they had provided, and they stated their name (which I think was more as a recorded verification that they were at least stating they were the correct person). For the much smaller number of outbound calls with more risk, we could then ask the person to call back. Once the risk peeps were on board, it was vastly improved fairly easily.

I'm not in that space at all now, but it seems far easier than it was back then. A few banks I'm a customer of send notifications right into the online banking app, which the customer approves, confirming that they at least have access to that. I don't know what they do if you don't have the app installed. I do find it a little sad that it is yet another thing pushing you to need a smartphone (and to install yet another app). On the other hand, I think all of those banks require me to have the app to use as an authentication token to do any kind of online banking even on a desktop browser, so if you're going to do that, may as well take advantage of it everywhere.