Rather than verbally stating a passphrase, enter a PIN number for support line authentication
Currently when phoning in to the support desk customers are asked to state their account number and passphrase. This is done verbally.
The assumption being made is that no one else is within ear shot. I think this is a very weak assumption, and given that these credentials give full access to the system (effectively), this is actually a very significant security oversight.
Please consider allowing customers to enter a PIN on the keypad. This would alleviate the issue.