I wonder if there's some kind of protocol one could use to satisfy both ends of the call that the other end is legitimate? For example, we (caller and called person) are going to read out your bank account number and govt ID number, one digit at a time, taking turns. Maybe same with amount of latest transaction in the account. That way, we end up both being assured that the other knows the numbers too.
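A small simulation of the turn-taking readout proposed above, added here as an example and not part of the original comment. The account number, the party names and the `checks` flag are constructed assumptions; the result reports who ended the call and how many digits each side had read out by then.

```python
from dataclasses import dataclass

ACCOUNT = "4071938265"  # constructed sample number, not a real account


@dataclass
class Party:
    name: str
    known: str            # the digits this party would read out
    checks: bool = True   # False models a party that cannot verify what it hears
    disclosed: int = 0    # digits this party has read out so far


def alternate_readout(first: Party, second: Party) -> dict:
    """Parties take turns reading one digit; the listener compares it with
    its own copy and ends the call on the first mismatch."""
    order = (first, second)
    length = min(len(first.known), len(second.known))
    for i in range(length):
        speaker, listener = order[i % 2], order[(i + 1) % 2]
        speaker.disclosed += 1
        if listener.checks and speaker.known[i] != listener.known[i]:
            return {"ok": False, "stopped_at": i, "caught_by": listener.name,
                    "disclosed": {p.name: p.disclosed for p in order}}
    return {"ok": True, "stopped_at": length, "caught_by": None,
            "disclosed": {p.name: p.disclosed for p in order}}


def scenarios() -> dict:
    # Fresh Party objects per run so the disclosed counters start at zero.
    def customer():
        return Party("customer", ACCOUNT)

    def bank():
        return Party("bank", ACCOUNT)

    def unknown():  # does not know the number: reads a fixed guess, cannot check
        return Party("unknown", "5" * len(ACCOUNT), checks=False)

    return {
        "both_legitimate": alternate_readout(bank(), customer()),
        "unknown_speaks_first": alternate_readout(unknown(), customer()),
        "customer_speaks_first": alternate_readout(customer(), unknown()),
    }


if __name__ == "__main__":
    for label, result in scenarios().items():
        print(label, result)
```

In this model the side that speaks second has read out nothing when a wrong first digit ends the call, while the side that speaks first has always read out one digit before it can check anything. A party that guesses uniformly at random still passes each of its own turns with probability 1/10.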