I'm not sure of the context, but typically the system sends you a security code to give back when logging-in or performing an account action, just to confirm you are using a device or phone number registered against the account.
I don't remember needing to provide a code back when talking to Customer Services (presumably because they call you these days rather than vice versa) - but I guess they may have added additional security to try to defend themselves.
