If you as a company are initiating a customer call, it should be standard practice to identify yourself first. Otherwise the call comes to the customer and basically goes:
"Hi, this is 'Robert' from Telstra, can I please have your full name and date of birth to verify your identity?"
Your immediate answer should be "What? No, sorry, I have no way of knowing you're really from Telstra."
Unfortunately, at that point, you run into a bit of an impasse. The customer shouldn't divulge any information over the phone until he or she is satisfied they're talking to the real company. The company shouln't offer customer information over the phone until they're sure they're talking to the real customer.
The only way I can see this going well is for the company to call the customer and ask them to call back on a publicly-listed customer service number to complete the call. That way, the customer starts with reasonable confidence that they're talking to the right company, and the company can ask for identity confirmation. Unsolicited calls, unfortunately, need to start with a high level of distrust, because scam callers have broken the whole industry.
Mokalus of Borg
PS - I tend to do just as the title says.
PPS - It makes receiving calls awkward, but more secure.