Spying eyes?
Research shows it costs about $35 to service an inbound customer call and about $15 to
respond to email inquiries. Enabling customers to browse for information lowers those costs to less
than $1.
By Garry Kranz
VOI
Self-service technologies let customers browse Web sites for information on specific service
questions: Does this product come in blue? Where is your nearest outlet? What is your return
policy? Your customers save time and conveniently get basic questions answered -- often with little
or no intervention from customer service representatives. Your company, therefore, reduces the cost
of providing good customer service.
Frequently asked questions, or FAQs, are the
most primitive form of self-help. More sophisticated tools include instant
Web messaging, content pushing,
browser sharing and voice
over Internet technology. These self-service tools enable service reps to see all prior contact
with the customer, eliminating the need for repeating account information.
Browser sharing, for instance, lets a service rep view your customers' online browsing habits in
relation to their past interactions with the company. The service rep could anticipate the type of
information customers are seeking and point them in the right direction.
To some, however, these cool technologies raise the specter of Big Brother and beg the question:
How secure is your customers' information, anyway?
"The answer is 'not very,'" says security expert John Muir. "Many companies don't employ nearly
the level of security they should, thus leaving some embarrassing holes. Unless they keep up with
all the patches (for computer operating systems), their systems could be compromised."
Most companies ensure customer information is encrypted against fraud, identity theft and other
unauthorized uses. Many Web sites use Secure Sockets Layer
(SSL) technology, a commonly used protocol for providing security of messages transmitted via
the Internet. Another security measure, known as a digital
certificate, is used to verify a user's identity.
These measures provide some protection, but are not perfect. A digital certificate, for
instance, indicates that "data is safe between two computers during a transaction. But it doesn't
prevent that data from being vended somewhere else," or augmented with additional personal
information gleaned from data
mining, says Muir.
The biggest security threat is to "information at rest" in corporate data centers or
databases,
behind firewalls with
varying degrees of security. "Self-service technology is an enabler of putting additional data at
risk, but it's not terribly unique in its ability to do so," says Bob Lonadier, an analyst with
Hurwitz Group in Framingham, Mass. "And there are solutions, namely things like public key
infrastructure, that are rising to meet that need."
Brian McCauley is typical of many consumers. McCauley, an information-systems professional in
Greenwich, Conn., likes the convenience and security of using Web self-help to manage his personal
finances online. But when ecommerce sites ask for sensitive personal information, he draws the
line. The reason for his reluctance, he says, has to do less with the security of technologies than
with unpredictable human behavior. "What makes me uncomfortable is not the technology, but the
human element," says McCauley. "If my personal information is sitting around in a database, anybody
could have access to it. That's what makes me hesitant."
Information security is especially crucial in financial services and health care industries.
Aside from federal laws regulating how information must be securely transmitted and stored,
building security measures into customer-facing technology is sound policy. FundsXpress of
Wilmington, Del., is a good example.
The company, which provides tools to help financial institutions offer online banking and other
services, uses Bozeman, Mont.-based RightNow Technologies' secure customer self-service products.
Michael Brooks, implementation manager, characterizes his company's security measures as "extreme,"
with Pretty Good
Privacy (PGP) technology deployed "at a fairly stout level."
Another RightNow customer is DoubleTwist Inc. The Oakland, Calif. bioinformatics
firm provides a highly secure online environment for pharmaceutical and research organizations
developing new drugs. The information is accessible only by the user and a dedicated customer
service representative, who has science training in bioinformatics. "Initially every one of our
customers asks about security because of the nature of their information. This is a whole new
frontier," says Su Liu, DoubleTwist's vice president of operations.
Security and cost
Research shows it costs about $35 to service an inbound customer call and about $15 to respond
to email inquiries. Enabling customers to browse for information lowers those costs to less than
$1.
Using self-service technology provided by Primus Knowledge Solutions Inc. of Seattle, Wash., has
helped Hewlett-Packard allay
customer fears and improve customer service, says Robert Schauble, director of IT services. Call
volumes have remained flat while Web inquiries have nearly tripled. Two-thirds of each call was
spent gathering information from a customer, with the remaining one-third devoted to problem
resolution. "We've basically eliminated about two-thirds of the call because much of that
information is harvested from the customer's computing device," says Schauble.
Be a Watchdog
Customers concerned about such "information harvesting" should be encouraged to request copies
of companies' privacy
policies. Many privacy statements are fairly standard and don't address removal of personal data
once it's been provided. "The fear is that once that information is on a server, it's there
forever," says Hunter.
Muir advises seeking written clarification on the information collected during an online visit.
"Anytime your computer connects to another computer you have to wonder: Is the system scanning my
machine? I haven't seen any overt disclosure statements about that."
Even the best-laid security plans are not impenetrable, however. Says Joel Tanner, product
manager for Primus: "In the digital age, as long as somebody's trying to probe the wire to get
unauthorized access to information, they're going to find a way to do it."
Questions to ask your self-help technology vendor:
- What assurances do I have that our customers' data will be removed if I decide I no longer wish
to do business with your company? Does your privacy/security policy stipulate that personal
information about our customers won't be vended, transferred, or stored elsewhere? How will
customers' personal information be disposed?
- What policies and procedures do you have in place to prevent unauthorized users from accessing
personal account information? What type of screening do you do to ensure company employees handling
sensitive data don't have a criminal record?
- Does your company implement independent system integrity audits to prevent fraud and misuse of
your system and your customers' data? What voluntary standards has your company enacted that go
above and beyond basic security precautions (such as full disclosure up front, written guarantees
that no additional personal information about my customers will be gathered from other sources
without their knowledge, etc.)
- Does your company have an insurance policy in force to protect my clients' data from hacking
and other risks?
- Outline the aggressiveness of enforcement of your company's security/privacy policies. Be sure
to let your customers know that strict security/privacy policies are being enforced with your
self-help technology vendor.
Garry Kranz is an independent business and technology journalist based in Richmond, Va. Reach
him at gkranz@ureach.com.
MORE ON THIS TOPIC:
- To access a collection of useful links related to customer service and support, visit searchCRM.com
- SearchEbusiness.com has a variety of information
related to customer service and support
- SearchSecurity.com also offers extensive
information on ecommerce security.
