It’s (Time For) A New Day In Authentication And Routing

Lori Bocklund is Founder and President of Strategic Contact.
Lori Bocklund is Founder
and President of
Strategic Contact.

The entry point to the contact center—identification and verification (aka authentication), along with routing—is a make-or-break moment for the customer experience. All too often it is unpleasant at best, and downright irritating at worst. It is high time to stand the old thinking on its head and implement new approaches. Today’s technology gives us the opportunity to (finally) get it right.

“The old tools and techniques aren’t enough. Success requires customization and personalization, not a onesize- fits-all approach. The key is to use data and technology well at each stage of the process.”

While this discussion is mostly about calls, the concepts apply to text messages, web chats or emails, and to whatever devices customers choose to use. We can do better across media, for assisted service and self-service, using what we know about the customer every step of the way.

If It’s Really All About Customer Experience…

Prompts are arguably the most hated and frustrating part of any contact, with routing to a person who can’t help not far behind. And let’s not forget the initial steps of call handling as another source of pain. In spite of CTI being a 20+ year old concept, many centers still don’t “pop” available information and train agents on processes to use it. Combine these issues with a transfer to yet another uninformed agent who starts over and you’ve rung the death knell of any potential for a “good” customer experience.

Security Is a HOT Button, But It Can Be COOL

People are getting serious about security, and the risks are higher than ever. Individuals and organizations with evil intent abound. Some of the focus on contact center authentication is driven by legal, compliance and audit requirements. Organizations are rightfully concerned about the financial impact of a breach as well as the potential for severe reputation impact. While various departments have a say in security requirements, they don’t always understand the customer experience implications.

On the other side, customers get it. Nobody wants their identity stolen or account hacked. Yet they find it all terribly burdensome. NICE has an infographic that states “85% of customers are dissatisfied with the authentication process.” As FIGURE 1 shows, the whole password thing isn’t working—and don’t get me started on remembering my “favorites” and my first pet’s name. (Did I use my goldfish? Or my dog?)

So how do you make everyone happy with this cumbersome yet important process? Don’t apply one size fits all. Tie security to call purpose and what you know about the customer or potential customer. Require more detailed authentication only if the nature of the transaction and intelligence on the caller demands it. Use technology to manage risk on each contact, and chances are everyone will feel better about the whole process.

These stage-setting steps get harder as fears of fraudsters and hackers grow and regulations and associated demands for risk management increase. Any center that is truly focused on the customer has to solve a difficult dilemma: Make prompts and authentication simple, ensure that security requirements are met, AND get the customer to a helpful person who has information about the caller and his or her needs. The old tools and techniques aren’t enough. Success requires customization and personalization, not a one-sizefits-all approach. The key is to use data and technology well at each stage of the process.

First: Who Is Calling and Why?

An important initial task is to identify the caller. The “typical” approach prompts for an account number, SSN, order number or some other unique identifier. Network information can play a key role, thanks to good old caller identification or Automatic Number Identification (ANI). But these numbers are easy to spoof, so they can’t be trusted. Enter third-party services to help identify if the caller is a risk. For example, Pindrop and TrustID can be inserted into the call flow to check the ANI and other network and call information against databases and intelligence that grows increasingly smarter in gathering “bad guy” data versus “good guy” data. They return a rating on the call through a risk score or red/green, respectively. The center can then use this rating to adjust the security steps to take.

But identification is just one step and most centers need verification, too (thus the term Identification and Verification or ID&V). Companies turn to numbers, passwords, phrases or other information for “multifactor authentication.” Security experts talk about three categories of authentication: knowledge (something a customer knows), possession (something they have) and inherence (something they are). Possession is more likely for channels like retail and branches (e.g., credit card, debit card). Contact centers typically use knowledge (e.g., password, mother’s maiden name, last transaction) but rely heavily on information others could fairly easily obtain (address, date of birth). Those approaches are lousy for IVR entry, not to mention sometimes difficult to know or remember. It’s time to move past this situation for everyone’s sake. (SEE FIGURE 1.)

Enter biometrics. Biometrics is inherence, and is likely to become the more common approach as we leverage mobile devices and their security functions, such as thumbprints. We expect rapid innovation on other options, such as facial recognition or retina scans (we all have cameras in our pockets!). Another option is voice prints, which have required active enrollment but technology now can offer passive enrollment from conversations. Biometric input could be used to flag risk for routing, alert an agent, or change authentication scripts or prompts. That leads to smarter Knowledge Based Authentication (KBA) where agents (or systems) are not asking the same questions of everyone, but only asking what is needed based on what is already known.

While not widespread in the U.S. yet, some of the early adopters (e.g., major banks) are using biometrics within a channel and cross-channel. For example, I log into my bank’s mobile app using my thumbprint (“TouchID”). When I need assistance, it uses the information from my login and where I am in the application to dial the right number, navigate the menus and provide my account information. I’m already authenticated, and they already know what I’m doing, so I encounter no prompts and no pain.

Security Best Practices and Human Behavior Are at OddsThe next important task is knowing why a customer is contacting the center. Sometimes the number dialed is enough, using good old Dialed Number Identification Service (DNIS). More often, companies need prompts, and this is where it often gets ugly. The first goal should be to keep it simple and only prompt to the degree needed to route them properly. Every prompt should have a purpose for the customer. Prompts should NOT be used to report on call types when calls are routed to the same agents. Use call wrap/disposition codes or system information or quality monitoring or speech analytics or some other technology that doesn’t burden the customer to get the data you need!

There is a bit of chicken-and-egg sometimes, but the call purpose may come after ID&V to trigger custom prompts. You can use data about the customer (some refer to it as “context”) to ask for information specific to their situation, or better yet, to deduce their purpose WITHOUT prompts. For example, you can use call history and open issues or orders to determine where the call should be routed (group/skill or even individual). With the rise of what we like to call “mini-CRM,” you can use contact history and basic customer information to make some really smart decisions about what the call is about. So you’re left with short menus that are easy to understand and relevant to the caller and their situation, or no need to prompt because you have a pretty good guess based on data and intelligence (business rules).

Second: How Do You Route and Handle Effectively?

So after this simple, easy to understand, appropriate process to identify “who” and “why,” it’s time to get the routing right. This too requires smarts, not just “skills.” I will label skills “old thinking,” and note that many centers struggle with complex structures that drive overly messy prompt trees anyway. Smart routing is about customization and personalization, using data gathered and data available.

The concierge at a hotel doesn’t send everyone to the same restaurant, or send them to the wrong one knowing that restaurant will redirect them to the right one. The concierge makes recommendations based on knowledge of the customer needs and the current situation. Our “routing concierge” will similarly guide the caller. It will use information gathered as well as any context available. It will use past experience and knowledge of what’s going on right now to make the best decision. Business rules (and the assumptions behind them) may not always be right for each contact, but customers will respect the experience more when it is clear you apply some expertise to their needs.

Of course all that good routing is compromised unless the system retains information and makes it available at an agent desktop. We’ve already pointed out that CTI is an ancient technology, but maybe we should think of it as an essential technology. A screen pop of information from a customer account with current and recent activity (across channels), along with some good training and processes, gets the conversation off to a great start that is personalized and customized. Flag what’s important to know about this customer (context!), and prompt with specific scripts or guides for any next steps required in authentication.

A potentially ugly situation has turned into a positive customer experience.

Here is a good example of routing and handling effectively: I call my airline, they use ANI to identify me, see that I’m booked on a flight that day, and that the flight has delays that will result in a missed connection. With no prompting, they route me to an agent who greets me with “Hello [NAME], are you calling about your flight to [LOCATION] today?” They have all the flight information up so that whatever question I have about that flight, they can answer immediately. But they also have my account information available in case I’m calling about something else. My time on the phone is minimized with a complete resolution and I’m on my way. A potentially ugly situation has turned into a positive customer experience.

Rethink Self-Service, Too

Customization and personalization can apply to self-service as much—or more—than routing to an agent for assisted service. A mobile app, web portal, or even an IVR can become a tool a customer uses to meet specific needs. Menus or options can leverage recent activity, change based on the security risk of the purpose or caller, or be configured based on preferences. For example, with one of my banks, with no login or password, I can slide up the home page of my mobile app and see balances for accounts I have designated. There is no risk of any transaction occurring, and I have configured my own view with an acceptance of the risk of someone else seeing these account balances. I view that risk as non-existent, both because I have security on my mobile phone in general, and because they can’t do anything with balance info—except be impressed or appalled!

In my opinion, the travel industry is a leader with their rewards or membership programs providing the key to customization and personalization that makes self-service more welcoming. From the “My Reservations” or “My Account” drop downs on the website, to the flight status, check in and boarding passes on the mobile app, to the “smart” IVR that goes straight to my upcoming reservation after it matches my ANI, they are making it easy on the customer.

It’s time to creatively find ways to be as welcoming, rather than letting broad-brush security policies and generalized ID&V processes tarnish even the simplest of customer interactions.

So this all sounds great, and to a degree, fairly obvious. It’s the right thing to do. But even when you have the technology, building and maintaining business rules is the hard part. You must integrate your contact processing technology with the right data. “Big data” is good, but what are you doing with it? To do what we’re talking about, you may only need “small data”—meaning the right data—to get the routing done with a good experience for the customer. If the center has other data sources, the routing can tap that (e.g., CRM, customer info in a core system), bringing multiple data sources together. And now with the “Internet of Things” (IoT) coming into play, there may be some additional external data to consider. For example, a healthcare device could send status data that is used in categorizing a customer and routing them accordingly. Or location data from a mobile app could factor into determining the reason for a call or authentication.

Create a Welcoming Front Door

I’ve always joked that every customer wants the center to know exactly who they are and what they want, but doesn’t want to have to tell you. Well, it is becoming increasingly possible to turn that joke into reality. It’s time to rethink how we “greet” customers, leveraging new tools and techniques to change the first steps of the customer experience from frustration to fascination.

Lori Bocklund is Founder and President of Strategic Contact.

– Reprinted with permission from Contact Center Pipeline,

Related Articles

Back to top button