This is going back a few years to when customer service, online banking, and other servicing groups reported to me, but as far as I know they still have these practices in place:
If you are referring to in-online-banking chat (i.e. they have logged in and been authenticated by the OLB system), they can have any information they ask for since they have been authenticated. It's possible that your system doesn't pass authentication on to your chat system - if so, you could use the outside-of-online banking steps below.
If they have come in through a non-authenticated environment (www.xyzbank.com
), we ask standard SSN/DOB/account number questions plus some sort of out-of-wallet question (can you tell me the approx amount of the car payment that you pay from your account, what was your last debit card transaction, etc.). Once authenticated, they can get as much info as needed.