We're at the point now, particularly where a phone app is part of the security process, that the phone app itself should have direct/private "phone" calling capability between the user of the app and the company. Obviously we have this within common chat apps, and we know there are good open source frameworks for doing this.
Company calls consumer via their private company-to-app system, app alerts user of an incoming communication request, and user accepts and has a voice conversation.
Then of course it becomes a question of the security quality of the app and communication design between it and the company, but presumably if that is broken then any app-based status or verification would also be broken.
Company calls consumer via their private company-to-app system, app alerts user of an incoming communication request, and user accepts and has a voice conversation.
Then of course it becomes a question of the security quality of the app and communication design between it and the company, but presumably if that is broken then any app-based status or verification would also be broken.