How do you trust organisations when they call you? organisation identity is missing element.

Have you noticed how much time and effort has been put in to ensuring you are who you say you are when you try to call your bank, pensions, energy, mobile provider, or speak with someone at your local authority, central government?

They all want to to answer any number of questions that they have pre-agreed with you in some manner or other, the 1st 4th and 11th characters from your pool of memorable information they hold on you, or they want you to associate your voice print with their authentication mechanism or a mobile device to be validated and then linked to your fingerprint. Some want you to have physical devices and cards that you need to use to provide the missing information either when asked or as part of a challenge response mechanism. Some send you text messages with one time codes, others send you onetime links that let you login. There are even those who wan you to tell them the last three transactions on your account including the amounts!!!!

Quite confusing and frustrating for almost any individual for sure even if the goal is to keep you safe or protect the organisation from a liability if they give out the wrong information to a third party or do something like move your money or change your services in some way without it being you. Prevention of fraud, error, risk and liability drive the agenda.

What seems startling to me an almost anyone I speak with one to one or at a conference I am speaking at or a client I am working with is the simple fact that organisations offer no such confidence or mechanism for proving who they are to individuals when they call them by phone. Worse still when the do call you by phone they almost ludicrously ask you all the security questions when you ring them. It seems that the concept of a phishing attack has not occurred to any of them and I mean any of them.

Many of these services have implemented secure apps and online services with strangely poor secure messaging services that are not in fact often used by the individual or the organisation. Surely having gone through all the hoops to set this up it would be the first route to contacting you or providing a means of proving who they are but no.

How many times have individuals simply said “I am not prepared to give the information you ask for out over the phone because I cannot be sure you are who you claim to be” only to be met with a mad offer of calling them back on a number they provide to give comfort and then go through the process. Problem, you still do not know its the right number for the right organisation do you.

How many times has an individual said “but you called me on my registered mobile number that is contained in my secure account record surely that is enough after all its you who wants to speak with me is it not” again this logical statement is met with refusal to accept the common sense of the point.

Surely if the goal of the call is to keep me safe and deliver a high quality service that should be the priority. If they care calling to warn of possible misuse of my credit card or to discuss some matter that is an active service request or transactions then most welcome.

If the reason they are calling is to sell me something or to complete a customer satisfaction survey then they are unlikely to have my appreciation. Just imagine what would happen if the delivery driver charged with dropping a parcel off at my home required me to go through a security check when he could not find the property.

This problem expands exponentially when you have to move between departments or across channels of engagement e.g. call, app, web, chat bot, in person. Channel switching is almost the norm these days as people do research on line or are referred to online or in premise services but nothing is carried with you as suddenly you have to prove who you are again and and again.

Organisations have started to think about proving some channels are trustworthy through certificates on websites, apps and chat bots but most of what is done is the delivery of endless documentation and guides that very few people actually read all as part of compliance and risk mitigation to remove liability from them to the individual

So we have a number of problems here don’t we

• organisations do nothing to prove who they are to their customers when making outbound phone calls and create a risk for those they serve as well as effort, friction and stress caused by the cognitive dissonance arising from being asked to give out secret information to an unknown party
• organisations do not address the issues of effort, friction for those they serve when accepting in bound phone calls, different hoops, repeating steps, bizarre password policies, complex pass phrases that they are supposed to remember at the drop of a hat
• there are no consistent design patterns centred around the individual that that they can control and learn that allows them be confident and consistent in how they understand risk and take the right actions

So what is the solution beyond the obvious which is fix the problems, could not be simpler could it

• Provide a simple means for organisations and individuals to have trust and confidence, nay certainty that who ever is calling the other one knows its them. The technology exists but for some reason business identity has been ignored completely which creates an inherently risky market for relationships between individuals and organisations
• Make it possible for trust to carry across different channels wether mid transaction or part of a save and return model. All the spin about Omnichannel solutions only works when all the tech is from one vendor, if ever there was a case for an interoperability model for this surely this is it
• Explore the use of person centred design patterns and solutions which mean individuals have their preferred approaches and organisations can subscribe to those preferences. After all what is better one individual offering a consistent approach to 250 organisations or 250 organisations offering 250 different approaches to one individual.

I have been working with organisations across all sectors on CRM for over 20 years and this is the one area that seems to have a set of blinkers on.

Lack of business identity solutions is a risk to business and customers, it is inefficient, creates friction and effort and damages trust, confidence and satisfaction no matter how you measure it. Remove friction and effort, deliver something that is based on common sense and your customers or the people you serve will recognise it.