System and method for second factor authentication of customer support calls

US10523708B1 · US · B1

Patent metadata
Publication number: US-10523708-B1
Application number: US-201916357266-A
Country: US
Kind code: B1
Filing date: Mar 18, 2019
Priority date: Mar 18, 2019
Publication date: Dec 31, 2019
Grant date: Dec 31, 2019

Abstract

Official abstract text for this publication.

A system and method are disclosed that leverage multi-factor authentication features of a service provider and intelligent call routing to increase security and efficiency at a customer call center. Pre-authentication of customer support requests reduces the potential for misappropriation of sensitive customer data during call handling. A contactless card uniquely associated with a client may provide a second factor of authentication via a backchannel to reduce the potential for malicious third-party impersonation of the client prior to transfer of the call to the customer call center. Pre-authorized customer support calls may be intelligently and efficiently routed directly to call center agents, without incurring further delay. During call handling, call center agents may initiate further client authentication processes, including contactless card authentication requests, over one or more different communication channels for authorizing access to sensitive information or to allay suspicion.

First claim

Opening claim text (preview).

What is claimed is:

1. A system for authenticating information access requests includes: a customer service interface configured to receive an authentication request associated with an access request received from a client device over a first communication channel, the authentication request to determine whether the device is authorized to access an information sought by the access request; a storage device configured to store client data comprising pre-verified contact information for the client device; a client interface configured to push a second factor authentication request to the client device over a second communication channel established using the pre-verified contact information, and to receive an authentication response from the client device, wherein the second communication channel is different from the first communication channel; and an authentication server, coupled to the customer service interface and client interface, for generating the second factor authentication request for a cryptogram from the client device, the cryptogram provided by a contactless card to the client device, and, in response to a match within a predetermined threshold between the authentication response and the stored client data, for selectively unlocking access to the information sought by the access request; the authentication server further comprising: a stored master key and a stored counter value associated with the contactless card; and decryption logic for decrypting a cryptogram received in response to the second factor authentication request using a diversified key generated using the stored master key and the stored counter value to obtain a decrypted counter value, and wherein the match is between the decrypted counter value and the stored counter value.

2. The system of claim 1 wherein the authentication server is further configured to notify the client device of the access request using a third communication channel generated in response to the pre-verified contact information for the client device.

3. The system of claim 1 wherein the second factor authentication request comprises at least one selected from the group of a contactless card cryptogram request, a Short Message Service (SMS) code request, and an in-application notification.

4. The system of claim 1 wherein the pre-verified contact information includes at least one selected from the group of an Internet Mobile Equipment Identifier (IMEI), a phone number of a pre-verified device, and an email address.

5. The system of claim 4 wherein the first communication channel comprises a session identifier.

6. The system of claim 5 wherein the second communication channel is further established using the session identifier.

7. The system of claim 6 wherein the client data comprises an authorization level of the client device, and the authentication server selectively validates the client device by comparing the authorization level of the client device to an access level of the information.

8. The system of claim 7 wherein the information includes at least one of account information, a password, an address, and a phone number, and the access request includes at least one selected from the group of a read request or a modify request.

9. A method for authenticating access requests includes the steps of: receiving an authentication request associated with an access request received from a client device over a first communication channel, the authentication request to determine whether the device is able to access information sought by the access request; retrieving client data including pre-verified contact information for the client device from a data store; pushing an authentication request to the client device over a second communication channel using the pre-verified contact information, the authentication request comprising a request for a second factor authentication from the client device; receiving a second factor authentication response from the device over the second communication channel, the second factor authentication response comprising a cryptogram received from a contactless card to the client device; comparing the second factor authentication response to the client data; and selectively authenticating the client in response to the step of comparing, including selectively unlocking access to the information sought by the access request by: generating a diversified key from a stored master key and a stored counter value associated with the contactless card; and decrypting a cryptogram received in response to the second factor authentication request using the diversified key to obtain a decrypted counter value, and wherein the comparing is between the decrypted counter value and the stored counter.

10. The method of claim 9 further including the step of notifying the client device of the access request using a third communication channel established in response to the pre-verified contact information.

11. The method of claim 10 wherein the first communication channel comprises a session identifier.

12. The method of claim 11 wherein the pre-verified contact information comprises at least one selected from a group of an Internet Mobile Equipment Identifier (IMEI) and a phone number of a pre-verified client device and an email address of the client.

13. The method of claim 12 wherein the step of pushing an authentication request uses the session identifier in conjunction with the pre-verified contact information to form the second communication channel.

14. The method of claim 9 wherein the authentication request comprises at least one selected from a group of a contactless card cryptogram request, a Short Message Service (SMS) code request, and an in-application notification.

15. The method of claim 9 where the step of selectively authenticating comprises the step of determining an access level for the information.

16. The method of claim 15 wherein the step of selectively authenticating comprises the step of determining an authorization level of the client device and comparing the authorization level of the client device against the access level of the information.

17. A method for authenticating information access requests received by a customer service agent includes the steps of: receiving an authentication request associated with an access request received over a first communication channel from a client device, the first communication channel including a session identifier, the authentication request to determine whether the client device is permitted to access information sought by the access request; retrieving pre-verified client contact information for the client device from a data store; pushing an authentication request to the client device using a second communication channel established using the pre-verified client contact information, the second communication channel differing from the first communication channel, the authentication request including a request for a cryptogram from a contactless card of the client; authenticating the access request including the steps of: receiving the cryptogram from the client device over the second communication channel, the cryptogram received from a contactless card engaged with the client device; decrypting the cryptogram using a diversified key generated using a stored master key and a stored counter value to provide decrypted counter value; comparing the decrypted counter value to the stored counter value; selectively authenticating the client device in response to the step of comparing, including selectively unlocking acce

Classifications

  • Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
  • service impersonation, e.g. phishing, pharming or web spoofing (detection of rogue wireless access points H04W12/12)
  • wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for symmetric key encryption H04L9/06)
  • Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
  • Authentication using challenge-response

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Capital One Services LLC

What technology area does this patent fall under?
Primary CPC classification H04L63/18. Mapped technology areas include Electricity.

When was this patent published?
Publication date Dec 31, 2019 (B1). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).