How does having to enter the same account information twice in the same session prevent unauthorized access? If an unauthorized person knows my account number, they can easily enter it twice.
And if the account number doesn't exist or doesn't match the name, they know immediately that one or the other was mis-entered.
Automated dial/entry, handoff to an operator, especially in high-volume attacks. Verbal repetition requires greater process coordination by the attacker.
Cues such as hesitation, discomfort, etc., may also be present.
The far more prevalent case is likely simply to guard against mis-keyed digits.
Similarly in healthcare, virtually every caregiver handoff involves asking for name and DoB. For the caregiver this helps confirm they are (literally) on the right page (patient record). Patients may see this as tedious.
>>Verbal repetition requires greater process coordination by the attacker. Cues such as hesitation, discomfort, etc., may also be present.
Actually no... The most effective Social Engineering attacks are ones with simulated chaos going on in the call, and simulated high emotions by the caller.
There is no evidence or actual theory that making a person repeat the same number over and over again does anything but annoy legit callers.
This sounds very much like security policy created in the same manner of "everyone must change their passwords every 30 days", which we know now makes things LESS secure, not more.
>>The far more prevalent case is likely simply to guard against mis-keyed digits.
Again, your data input validation should be taking care of that before you ever reach the agent in the first place.
Using chat for support. The first thing it asks is "Please explain why you need assistance"...
I fill it in with all the pertinent details...
Then, when the support person finally comes online their first or second message is: ...and how may I help you today?