There are any number of ways to do this, and we've all experienced them when calling a financial institution or healthcare provider. You might be asked for the last four digits of your Social Security number, your date of birth, your mother's maiden name and so on.
With that sort of thing in mind, I met with some of our customer support staff, who told me that most customer service personnel simply asked for the customer's name and then checked to see if it was listed in Salesforce, just taking the caller's word that he or she was indeed the user whose name was listed. Some said they might balk if the user's voice didn't sound familiar. Naturally, I didn't find these to be valid methods of verification.
My next step was to review our policy, processes and training documents, and I found them sorely lacking in guidance on positively identifying customers. So I got together with customer support management, and we quickly drafted policy and protocol, the essence of which was that customer support personnel would need to validate users from information not readily available from public sources such as the Internet.
To introduce the new policy and guidance, I put together a presentation for the support staff, in which I demonstrated how easy it is to obtain information from the Internet. I chose one of our largest customers, and with nothing more than a Google search, I identified the most appropriate administrator or power user for our application. I then used LinkedIn to establish that that person was still active at the company. Several other business-oriented sites gave me additional information on the person. In less than two minutes, I had a name, email address, business phone, email and office address. To that I was able to add some interesting personal information from his wide-open Facebook profile. The customer service representatives were stunned, and I in turn was amazed that they had no idea that this sort of information could be gleaned from the Internet.
I then explained what constitutes the kind of information that can't be easily harvested. The first thing to check is that the user's caller ID matches the phone number registered in Salesforce. Then they need to to ask the user to answer some predefined security questions, such as the maiden name of the user's mother. They can also ask the user to verify the customer ID number or some information related to a transaction or activity from the recent past. If all else fails, the customer support representative can call back the user at the registered contact number, or send the user a verification message to the email address on file.
Now that we have a basic policy in place, I will be looking into automation that could help with customer verification. There are several products available that assist with streamlining this business process.
Sign up for MIS Asia eNewsletters.