I'm assuming that by  'hits'  you mean scam calls.    I should perhaps clarify that the scam calls to which I'm referring are all on the landline.    On the odd occasion that I do check the mobile,  there will usually be an assortment of missed calls from anonymous or unknown numbers,  but I don't really care about that,  because it lives in a drawer ...!

What’s your bright idea to solve it?

How do you solve it original poster. Send 

BT sent me an 8 digit password, two characters of which I have to quote if either I call them or they call me. The problem is that if we follow the advice of having unique passwords, security questions etc, it's impossible to remember them.

An option would be for the customer to give BT for example, a word that they must quote when calling us to prove it's them. The problem is that it's yet even more words to remember.

Where BT is lacking is with the My BT app, there is no calling option as far as I can see from within the app, which would negate the need for security questions. It doesn't get around the problem of them calling us though. When they do call us they could quote what services you have, last payment amount, payment date etc, but the assumption is that we have to take it for granted that they are who they say they are.

Even the 8 character BT supplied password doesn't work because if a spoof caller calls me and asks me for characters 3 and 7 for example, they could just say yes that's correct and move on to discussing bank details etc.

The simple thing to do is ask yourself why they are calling you in the first place, unless you have an ongoing issue they shouldn't be contacting you.

To be clear:  I didn't set myself up as having any  'bright ideas to solve it',  far less did I expect to be pressed into providing them.    As I understand it,  the thread was moved from a different forum to this one precisely because it is a subject for discussion.    However,  this,  I feel,  throws into still sharper relief a point which I've made elsewhere,  which is that we as consumers have been lulled into believing that it it our responsibility to come up with solutions to problems such as this,  whereas in fact it isn't.

Back in the day,  this was never an issue.    If you got a phone call from any major company with whom you were dealing,  telephone / utility provider or otherwise,  you answered the phone and cracked on with the conversation.    If  -  and I do say  'if'  -  there is any official record of the extent to which that practice led to detrimental results for the customer,  I would very much like to see it.    But even then  -  bearing in mind that this is a telephone provider's forum  -  does it not seem contradictory that the same company who are asking us for our personal information in order to  'verify who we are'  when they called us,  are telling us in the next breath never to give out personal information unless we are 100% certain that the caller is legitimate?

I would go further:  the reason we are advised to be cautious about giving out personal details,  is because of the vast assortment of scam calls that many of us receive on a several-times-daily basis.    There are an assortment of methods of addressing that problem,  all dealt with in greater depth elsewhere on this forum;   but once again,  the reality is that it really shouldn't be our problem to address.    We as consumers,  in general,  do not possess the technical nous to be able to truly combat this issue,  and why should we?

If,  despite the warnings,  despite the countless different varieties of scam call,  you are quite comfortable giving out your personal details to someone who may or may not be who they claim to be  -  telephone provider or otherwise  -  then by all means do just that.    I don't have any  'bright ideas'  to solve the problem,  except to say that if enough people persistently refuse to give out their details in response to  'security questions',  the various companies involved will eventually have to do what they should have done in the first place and come up with bright ideas of their own to solve the probem,  if indeed there is actually a problem to solve.    As regards a practical alternative,  the only currently workable one I know of is to obtain the caller's name and extension number and call them back on a known safe number  -  as long,  as I mentioned above,  as you don't mind waiting in a queue of indefinite length and even then very possibly not getting through to the right person.    Alternatively,  let them deal with the issue by e-mail,  if that's a viable alternative.    Other than that,  since I'm not on the payroll of BT or any of the other telephone providers,  I'm happy to entertain  'bright ideas'  from anyone else who may have any  -  ideally,  those who are on the payroll.

"Even the 8 character BT supplied password doesn't work because if a spoof caller calls me and asks me for characters 3 and 7 for example, they could just say yes that's correct and move on to discussing bank details etc."

The logical next step should be that the caller then repeats, say, character 4 and 8 back to you. That way both parties, in theory, may be trusted.

---

@mispeltyuothwrote:

"Even the 8 character BT supplied password doesn't work because if a spoof caller calls me and asks me for characters 3 and 7 for example, they could just say yes that's correct and move on to discussing bank details etc."

The logical next step should be that the caller then repeats, say, character 4 and 8 back to you. That way both parties, in theory, may be trusted.

---

I might be wrong here @mispeltyuoth but my understanding is that the caller is only shown 2 out of the 8 characters at random, for security reasons. So they cannot do as you suggest. If the person being called is suspicious they could at first give two incorrect characters to see if the caller can acknowledge the error but then it's starting to get silly.