Great customer service means making sure the customer is happy. But how can companies achieve this in practice? Of course, a good product or service is crucial, a smooth purchasing process is priceless, and an open line of communication non-negotiable. Today, however, customers are able to contact companies through more communication channels than ever before – from email and phone to social media and live chat. While multi-channel communication boosts engagement, it also brings challenges. One of the biggest is the sheer volume of data that is now being exchanged, all of which must be kept safe. Unless they have hibernated throughout the last few years, most consumers are now acutely aware of their privacy rights, newly reinforced by GDPR, and also of the ever-growing danger posed by hackers.
In this new landscape we have taken a look at five of the most important factors that have changed the face of customer service forever.
The Power Balance Has Shifted
Possibly the most important truth for brands to understand is that today’s consumers wield an unprecedented amount of power. This is largely due to an increase in channels through which they can express their satisfaction – or more commonly, dissatisfaction. Social media in particular has been a great way for brands to actively built relationships with their customer, but it has also made them a lot more vulnerable. A few screeching reviews and complaints on Yelp or Facebook can land businesses in big trouble. An unhappy customer who might once have complained to their friends can now tell everyone on Twitter about it. And as Snapchat, Facebook and VW can testify, negative publicity can have a terrible effect on sales and share prices.
The Cost of a Data Breach Is High
If customer trust is precious, one sure way to destroy it is by compromising customers’ personal information. Firstly, there are fines and compensation to pay – US retailer Target ran up an estimated bill of around 300 million dollars on these for its breach in 2013. Currently, UK supermarket chain Morrisons has been arguing its case in court to avoid “ruinous” compensation claims after a disgruntled employee published payroll details of 100,000 of the company’s employees.
But by far the most damaging factor in the aftermath of a breach is to the reputation of a brand, along with the loss of customer trust and business that results from it. Semafone’s own research showed that 86% of people (91% of women and 81% of men) would be unlikely to do business with an organization that had suffered a security breach involving credit or debit card data. The latest estimate from the IBM Institute, which regularly calculates this cost, is that the average total cost of a so-called “mega breach,” including loss of sales, is now $350 million.
Fraud Is Big Business
Two decades ago, shoplifting might have been a retailer’s biggest concern, while banks worried about break-ins, but today’s fraudsters have moved with the times. For most organizations, it’s no longer a question of whether they will be breached, but when. The Ponemon Institute’s 2018 Cost of a Data Breach Study found that the average global probability of a material breach occurring in the next 24 months is 27.9 percent, an increase over previous years. At the same time, the average total cost of a data breach is $3.86 million.
“Carding” – the theft and resale of credit and debit cards – has become a profitable pastime. One report revealed that Russian hackers were offering a six-week program for $945 teaching aspiring cybercriminals how to find legitimate credit card data for sale and hacking into PayPal accounts. Stolen credit card details sell for a relatively affordable $150 on the dark web, but the damage to consumers was $172bn in 2017.
For brands to protect themselves, a good place to start is with the regulations. 2018 was a big year for privacy with the EU GDPR coming into effect and the California Consumer Privacy Act (CCPA) passing the state legislature. Ironically, these privacy-focused regulations followed close behind the 2016 Investigatory Powers Act (also known as the Snoopers’ Charter) in the UK and the 2017 Executive Order 13800 in the US, both of which focused on giving governments access to citizens’ data, triggering fears on both sides of the Atlantic of an Orwellian nightmare.
Any companies taking card payments already have to comply with the Payment Card Industry Data Security Standard (PCI DSS), and those in the financial services sector are additionally regulated by the Financial Conduct Authority, so there is a lot to think about.
For contact centers, this goes a step further. Call recording is common practice, and in some cases mandatory – for example when recordings may be required as evidence in the case of a dispute. This can create a tricky situation in which regulations appear to contradict one another. On the one hand, the FCA demands that you record a call in its entirety, while on the other, the PCI DSS prohibits the recording of sensitive card data. In fact, the PCI Security Standards Council’s (PCI SSC) new guidance for protecting telephone-based card payments shines additional light on what is in-scope for compliance and how cardholder data can make its way onto recordings. There is a way to navigate all of these regulations (Semafone’s Cardprotect solves the call recording problem!) but it isn’t always easy.
Don’t Need it? Don’t Store It
Finally, customer service has been transformed by the vast mountains of personal information that now exist. In 2017, 2.5 quintillion bytes of data were created each day, and the pace is only accelerating. The potential of this “big data” to improve our lives by identifying health trends, predicting our lifespans and selling us things we want to buy, is undeniable. With this in mind, it is no surprise that businesses are holding more data on their customers before. In fact, customer information is the backbone of a range of business processes. However, we need to look at why we are keeping all this data. For marketing purposes? Just in case? While this might have been an acceptable answer a few years ago, in today’s landscape, and under the rules of the GDPR, it no longer is.
Thanks to the GDPR, and its ‘right to be forgotten’ clause, any organization holding personal information must now have a valid reason to be storing it. We must also be prepared – and able – to delete all of a customer’s information completely on request. Furthermore, holding more data than necessary simply increases the chance of an attack – so if in doubt, don’t hold it.
Customer is king – smile and protect
There’s no escaping the fact that customer service has a whole new set of rules. The customer is still at the center of everything, but there is a whole new job to be done. In exchange for all that valuable consumer data, we have to accept the burden of responsibility for its safety. It’s down to us to store customer data securely and transparently, and to put in place the right measures for both privacy and protection. It’s a more difficult job than smiling, but the rewards for getting it right are worth the effort.