Already Developed Such type of application, Only with different approach, a random number is generated by web application, then application dial out to customer on customer number and speak out the random number to the web user, the user will punch in the random number, web site will verify the punch in number, as it already generated the number
(outbound call, two parameters 1. customer phone #, 2. random #)
You have similar approach with other direction, a web site will show random number, web site user will call on specific number (possibly toll free number), web site key in the specified random number and make successful authentication or verification.
(inbound call, two parameters 1. random # , session details to cross check web user)