Thursday, February 13, 2014

Learning from the mistakes of others: The teachings of the @N case.

Today's post from SkyPlanner, South Florida's premier Salesforce consulting company, covers a curious case of poor customer management and the lessons that can be learned from others' mistakes.

A couple of weeks ago the social media world, as well as the entire internet universe, was thrown for a loop when it came to light that a man was extorted out of his Twitter username. Now that might not seen so tragic but it is when the man had already refused to part with his handle despite being offered up to $50,000 and twas forced to give it up due to serious breaches in customer service protocols by not one, but TWO companies. Naoki Hiroshima lost control of his @N handle through a type of extortion known as social engineering. According to Wikipedia, social engineering is "Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information." The "hacker" was able to force Hiroshima to voluntarily relinquish control of @N simply by tricking customer service reps at PayPal and GoDaddy into turning over critical information of Hiroshima's accounts to gain access to domains registered through GoDaddy. The hacker then threatened to take them over if Hiroshima did not give him control of the username. A more detailed outline of the case can be found here.

While this may seem scary to many, it is actually a great opportunity for other companies to look at their own customer service practices and provide better security for their customers. While it is easy to say that a company should just train their customer service reps to handle situations better but the truth is that, while training reps to better handle random claims is necessary, the responsibility of proper customer service falls on the people in charge. After a researching ways to provide better security in customer service, SkyPlanner came to the conclusion that these steps should be followed to achieve that goal:
  1. Implement two-factor authentication, or TFA, in order for customers to log-in to their accounts. TFA usually requires a username, password, and a third method of verification. Usually this verification is a code sent through text to the phone number currently on file for the account. SkyPlanner gathered from our research that using common methods of verification such as mother's maiden name or last four digits a customer's social security number are not recommended. This also protects users from themselves when they choose easily decipherable passwords. 
  2. Sever the chain of information as it currently stands. Much like banks, SkyPlanner found that using systems where the user inputs data into automated systems versus giving them directly to a customer service rep is most secure. This not only curtails the risk of having a rogue customer service rep stealing log-in information but also protects your company from any blame should the customer's information be stolen.  
  3. Finally, after receiving all the log-in information go one step further and make sure that information is encrypted wherever its stored. This keeps anyone with access to the servers where the information is stored from stealing it without much of a struggle. 

Customer security is always important and that is also true at South Florida's premier Salesforce consulting company. We at SkyPlanner hope the tips above can help you make your customers feel more secure. And if you're ever in need of help with your voyage onto the cloud remember that we are always ready to provide our expertise to help you grow.