Wednesday, July 29, 2009

How to reach an agent , Aussie style, and 0870 numbers in the UK

Not strictly a European story, but interesting to see on the very good site that covers APAC and Australia, a news story on how to reach agents directly.

It seems that such is the frustration with IVRs and self-service that an enterprising Aussie has set up a wiki type site called so that consumers can share details of how to get straight through to a human. It's interesting to see how consumers really haven't bought into self-service the way much of the contact centre industry has. My suspicion is that consumers still need a lot of persuasion that self-service can benefit them and isn't just there for companies to save money.

To show how this can back fire badly, it's worth looking at non-geographic numbers in the UK. Originally these were introduced as a way of ensuring that consumers knew how much it would cost to call and so that a business could provide a single number for contact, regardless of where it's staff were located (or moved to). The problem was that once free local calls became more common in consumer telephone packages, a local non-geographic number meant that the consumer was now paying for something that free for them. Also consumers began to realise that non-geographic national numbers were costing them substantial sums in an era of otherwise falling telephone costs.

The consumer response (similar to Australia) was to set up the Say no to 0870 website, which was entirely designed to bypass national non-geographic numbers by instead giving the true, local number for each call centre. This was picked up by national media (especially by BBC Radio 2) and is now widely used in the UK and can save consumers significant sums.

The results for the users of non-geographic numbers have been less happy. One bank described to me how they had used non-geographic numbers to virtualise multiple contact centre sites in the UK. The idea was that by providing a non-geographic number they could virtualise their operations, use any agent anywhere in the UK to serve customers, and provide customers with a shorter wait time in queue. The problem was the Say no to 0870 website had had caused havoc with this by providing the local number for each contact centre so that calls were no longer queued centrally and customers ended up waiting longer.

The trouble is, that like the self-service example in Australia, the bank had never explained to consumers why the 0870 number might benefit them. As a result, consumer have seen something that appears to disadvantage them and have responded. It is arguable that this is all part of the consumer Web 2.0 response, and that these examples highlight how web 2.0 (or at least some technology changes, if you don't like the "web 2.0" term!) have empowered consumers.

Monday, July 27, 2009

Man in the middle fraud in call centres

Never one to post only on up to the minute stories, the blog was quite interested in the Finextra report a fortnight ago on "man in the middle" fraud in call centres. I just haven't had a chance to write on it until now.

Traditionally, man in the middle fraud has been more associated more with the web channel than the telephone channel (see for example "Man-in-the-middle phishing kits circulating freely on the Web" or "ABN Amro compensates victims of 'man-in-the-middle' phishing attack" from Finextra), so it's interesting to see the attack take place in the telephone channel. It's also interesting that the attack described in Finextra is very low tech compared with the programing knowledge required for the phisihing attacks. The telephone version of man in the middle is described as,

"....where a fraudster calls the victim claiming to work for their bank, warning that their account may have been breached or compromised. The criminal then puts the customer on hold and calls their bank, connecting the two while remaining on the line.

The bank then requests authentication information, such as social security number, passwords and other personal information. Once the personal information is provided, the fraudster quickly ends the conference line and informs the customer that the issue has been resolved.

Meanwhile, with the personal information gathered during the call, the fraudster can take over the customer's phone banking relationship and transfer money out of their accounts."

The interesting thing for me is that for this type of attack to be successful, it highlights how weak the process side of some banks can be. This attack depends on the banks authentication process revealing (a) all of the customer's authentication data each time and (b) not ensuring that customers have multiple levels of authentication. Most banks I've worked with probably wouldn't be caught by this kind of fraud, so I'm interested to see that there are banks out there that still lag so far behind.

It's far less sophisticated than some of the the attack I've seen recently, where fraudsters have built fake IVRs to pretend to be the bank and used VoIP diversion to fool customers into thinking they are calling a local number (see posts like "Contact Centre impersonation arrives in the UK") and probably far less likely to succeed. Similarly, targeted social engineering attacks are also more likely to succeed as these tend to rely on bypassing security procedures rather than attacking them head on.

I would argue that deception based attacks around identity impersonation (such as the one on Barclays discussed in the post "Security, Call Centres and Fraud") seems to be where the real threat remains, but I'm not so sure that the man in the middle approach is where the real threat lies. My suspicion is that combinations of phishing and contact centre impersonation will remain the fastest growing threat for some years to come.

Friday, July 17, 2009

British Telecom brings back contact centre jobs to the UK

Amidst all the gloom, it was good to see one positive news story. Yesterday, The Times reported that British Telecom was to bring at least 2,000 jobs back to the UK from India. In some ways it's a very significant move that, despite a recession and the cost problems at its Global Services arm, BT is not looking at running it's contact centre on the lowest possible cost base. In fact, BT is planning to close about half its Indian operation.

I was interested to see in the report that Ian Livingston (the BT CEO) denied that this was to do with customer service, despite a popular perception that BT hasn't got good customer service. The blog has looked at this previously (see the post from last year "CEOs of BT, the Royal Mail and Corel discuss telephone customer service"), and BT were quite open that they did not consider their customer service optimal.

I'm not sure this was a particular problem from their Indian operation, but it is certainly the case that Indian no longer represents the cheapest destination for offshoring and I've never thought India should compete for work on that basis. The problem is (as I've discussed in posts like "Indian Outsourcing, is it in decline?") is that many Indian organisations have competed on a cost basis and so have not necessarily delivered on quality or customer satisfaction. As a result, customer perception (regardless of the reality) is that many offshore contact centres are not going to meet their needs.

BT may have its own additional reasons for bringing the work back to the UK, such as wishing to minimise UK redundancies, but I think the CEO will appreciate any gains in customer satisfaction that this brings!

Wednesday, July 01, 2009

Scale and its problems in the contact centre

This week and last week I've been on site at the contact centres of some of the UK's biggest banks. These are also some of the UK's biggest contact centres, so it's been very interesting to see the challenge scale presents.

These organisations tend to have at least 10 million customers, which is a decent number if they all decide to phone you! What makes it even more challenging is that these 10 million customers have they data spread across thirty or more years of legacy systems.

It's interesting for me that the challenge of scale that this presents has been well addressed by telephony but the IT industry still lags behind to a certain extent. This might sound controversial, but if I explain that this is viewed from the perspective of customer service, it should become clearer. Contact Centre telephony (whether Cisco, Avaya, or Genesys) pretty much scales to run a very large customer service operation. It's taken twenty years of ACD development to get here (and the evolution of TDM technology to IP), but the telephony side of things works in terms of getting a call to anywhere that the organisation wants it to go.

By comparison, the availability of data and customer information (especially in real time) is still a real challenge. All the organisations I've been working with run 3270 sessions, or other terminal emulation, as so much of their data is still mainframe based. Processes similarly can be embedded in applications and present real challenges scaling to the wider enterprise. There is recognition that the process and application layer is now one of the choke points for customer service and IT System Integrators are starting to address it (see posts like "System Integrators write interesting things about contact centre for the downturn!"). The problem is that while mainframe was previously a very good answer to many of the scaling problems that organisations experienced, integrating yesterdays good solution into today's customer service requirements is still a struggle.

It's an interesting set of challenges and one I'll blog on further.