Correct. I spoke with their digital team recently and got the low-down. Your full name and the phone number you type in is compared (not sure what entity does this comparison) with the telco billing records that also obviously have your name and number paired. In my case I only have a business cell phone which was problematic to use with my personal Capital One account for step-up auth.

It's disgusting to think about the record sharing, and I doubt it even protects against SIM swapping (or does it?).