There is next to no security.
All you are doing, is finding out whether whomever is calling can give the correct answers. You are not finding out who is giving the correct answers.
I used to work for a major ISP, who I won't name. One of the key things that was asked when taking a call or making an outbound call was - "are you the account holder/am I speaking to the account holder"? Why ask that, because if the person say's Yes and completes the security check, but it's NOT the account holder, you (the call centre agent) are not responsible.
There is of course the difference with some companies who allow you to have authorised people on your account, who confirm that they are and maybe give a password, that again is down the the company in question.
I personally worked very hard and did a lot of training to help on the phone, and believe me some people were thankful and others just assumed they knew everything!
It's a job that requires you to have a very thick skin, and lots and lots of patience.
If you have concerns about how a company like BT runs it's call centre, or chat facility, go to BT directly via their own support forum and ask how you can feed back your concerns.
All the best.