Account recovery, governance, fraud, and biometrics: are these terms that come to mind when you think of Customer Service? They should be. These are common concerns that shouldn’t be limited to your application stack. After all, you can build the most impenetrable fortress of security services, but if you leave the backdoor open, you’ve failed to materially improve your security posture. Yet, as critical as this direct linkage between your organization and your customer is, many identity practitioners feel unprepared when asked to make decisions or recommendations that form the runbooks for operational groups.
This is a rich topic that scales in complexity with your organization. This session will cover some of the common use cases and considerations for retail and technology companies, including:
- High-risk operations with, typically, the least assurance, ranging from resetting credentials to GDPR service requests, PII updates, etc.
- Suboptimal, ‘out-of-band’ communication norms (social media, phone calls, etc.) for identity verification.
- Managing risk in your workforce: over-provisioning, insider threat, providing for break-glass emergencies.
And options for dealing with it:
- Various authenticators: There are common methods, like Knowledge-Based Authentication and SMS, and each has its benefits and risks. “Passive” methods like voice biometrics are increasingly sought, but are fraught with technical and compliance complexities. Assurance level is an important concept here, balancing the need for customer satisfaction with customer data protection.
- Consider compensation and localized risk when doing your staffing: is the opportunity cost of betraying your organization greater than what your data fetches on the black market? Invest in training frontline personnel about phishing, etc. Make people feel invested.
- Give people a means to report unauthorized changes and suspicious activity, and give your staff a means to escalate them and be invested as well.