List three authentication questions (but not the answers) a credit card company could ask to authenticate a customer over the phone. The questions should be ones to which an impostor could not readily obtain the answers. How difficult would it be for you to provide the correct answer vs a malicious actor

Security questions need to be very personal and very specific so that only one individual knows them. Some example questions would be the following...

What are the last 4 digits of your Social Security Number? ... every US citizen has a social security number and it is very personal document that only the owner should have access to.

What is the street name where you lived when you opened the account? ... on average a person moves 12 times in their lifetime, therefore, very few people would know the exact address where you lived when you opened the account.

What is your mother's maiden name? ... This is a common question asked by banks and financial institutions because most people will not know your mother and even less will know her maiden name. Therefore, it is a very good security question.

These are all questions that a bank will have the answers too and know if you are telling the truth or not, but are also questions that would be extremely difficult for anyone else to obtain. Mainly since some require a personal long time connection with you while others require very personal information which no one shares.