TCPA in the Age of Trump : Kern v. VIP Travel Services

AP Photo/Charlie Neibergall

AP Photo/Charlie Neibergall

By: Tim Prugar

             For businesses that leverage telecommunications as a primary method for selling, whether through voice or SMS channels, the election of Donald Trump to the presidency signified a potential sea change in the way that the Telecommunications Consumer Protection Act (TCPA) would be viewed and enforced. On the one hand, Trump has spoken frequently and publicly about the need to grow American business and remove regulatory barriers that might inhibit that growth. On the other hand, Trump’s new Chairman of the FCC, Ajit Pai, has come out swinging in his vows to stop the “scourge” of robocalling, a major business tool of telemarketers. With these two seemingly competing views of how to approach telemarketing and other telecommunications-based sales outreach, what can businesses expect from TCPA interpretation over the course of the Trump presidency?

            One of the only ways to make accurate predictions is to monitor, analyze, and discuss TCPA cases that are taking place right now. 

 

            Kern v. VIP Travel Services

             Last week, a United States District Court in Michigan issued an opinion in a class action lawsuit against a series of hotels by consumers who had been marketed to on their cell phones. According to the consumers, third-party travel agents were leveraging autodialers to reach them on numbers that were registered with the Do Not Call (DNC) Registry. The consumers alleged that these agents were not only violating TCPA, but that they were doing so with the full blessing of the hotels, who they alleged had provided material assistance in the form of resources and marketing collaboration. The consumers also alleged that the hotel logos were clearly visible on the third-party agent web sites.

            Naturally, the hotels objected to these allegations, and stated emphatically that the third-party agents were acting of their own accord. The courts sided with the hotels, noting that the contracts between the hotels and the the third-party agents clearly established the agents as independent contractors and explicitly stated that all laws governing marketing, including TCPA, should be adhered to. The courts found no evidence that the hotels gave consent for their logos to be used on the web site.

            The theme at the center of this legal dispute is the concept of “vicarious liability.” Essentially, the consumers were alleging that the Hotels should be held responsible for the behavior of the third-party agents. In this case, the courts argued that in order to prove “vicarious liability” in a TCPA suit, the party making the allegations has to prove more than the “mere nexus” of the defendant and the caller. They have to provide solid evidence - which the courts believed the plaintiffs failed to do. 

            So what does this mean for businesses? First, these kinds of lawsuits still cost defendants in the form of time, stress, and legal fees. Second, businesses working in the telemarketing space (whatever form that must take) need to be aware of and tuned in to the business practices of any third-party vendors to whom they might outsource sales or marketing. Their actions can come back to haunt you. Third, make sure that you are checking the validity of a number before every single outbound dial – cross-referencing the DNC Registry, checking for changes in porting, and confirming line type.

            The future of TCPA enforcement is still uncertain, but being wary, informed, and compliant will never go out of style.

 

Tim Prugar is Next Caller's Director of Customer Success. He can be reached at tim@nextcaller.com.

3 Lessons Contact Center Leaders Can Learn From WannaCry

By: Tim Prugar

     The transnational WannaCry Ransomware Attack exploded across the internet early Friday Morning on May 12th, and it’s aftershocks are still being felt early this week as some machines in Asian Markets are being booted up for the first time after the weekend. For the curious, Nicole Perlroth over at the New York times provides an outstanding overview of the background events leading up to this cyber attack, but the basic facts are relatively simple. A hacker or team of hackers identified a vulnerability in the Server Message Block (SMB) Protcol in Microsoft Software, and put together a ransomware attack that spreads through a system’s file-sharing capabilities. The attack would immediately encrypt all of the system’s files, demanding a Bitcoin payment for the de-encryption and safe release of the pertinent documents. The attack, like many, was unleashed via a simple phishing ploy – an unsuspecting victim downloaded and opened a file they shouldn’t have that contained the malicious software. The rest was a nightmare for the cybersecurity community.

     While the WannaCry threat can reasonably be classified as “cyber terrorism”, and patches to protect machines from being infected have already been issued, Information Security Officers should use this incident as an opportunity to pull lessons about protecting all channels from attacks from bad actors. What can fraud experts, CISOs, and Call Center Leaders learn from the WannaCry attacks?

 

1. The Human is the Weakest Link In the Fraud Chain

The methods through which WannaCry spread and replicated may have been automated, but the door for access was opened by a human being. Basic social engineering is at the heart of many of these phishing, SMSishing, and vishing scams, and the phone is one of the most lucrative channels for manipulating a human being to a desired end. CISOs and Call Center Leaders should be investing heavily in training agents to identify and recognize common social engineering methods and tricks, and should consider exploring technologies that are able to identify calls real-time that have been spoofed or otherwise manipulated. There is a high correlation between ANI Spoofing and phone fraud attempts, so more information allows agents to “trust but verify” with more complete data.

 

2. The Cost of Attacks Go Beyond Money

     The big story of the WannaCry attacks isn’t the absolute value of the money extorted (some reports have it at less than $60,000), but the “collateral damage” losses of disruption to services, man hours lost, and even potential health implications. The WannaCry ransomware didn’t just infect computers in a vacuum – it infected computers at Universities, the British National Health System, train stations in Germany, and multi-national corporations based out of France and China. Similarly, when fraud teams do cold “dollars and cents” cost benefit analyses of fraud solutions for the Contact Center, they often look only at their absolute number of fraud losses, and compare that to the cost of the solution. CISOs and Contact Center Leaders should look at the problem holistically: How much time are we losing due to caller authentication? Can we quantify the damage being done to our brand due to fraud and data breaches? Are fraudsters leveraging information stolen at the contact center level to make larger, more costly fraud attacks elsewhere?

 

3. Hackers and Fraudsters Are Very, Very Good At Exploiting Vulnerabilities

     Some hackers and fraudsters are organized criminal enterprises; others are impish troublemakers. Either way, these people are experts at identifying weaknesses in security systems and exploiting them for their own gain. Just as the architects of the WannaCry attack masked their malicious software to get a foot in the door, so too do those looking to commit account takeover or identity theft through the Contact Center mask their phone number to minimize the likelihood of detection. By using ANI Spoofing, fraudsters look to mimic the phone number of an existing customer to bypass ANI-matching authentication procedures, or look to mimic a completely random phone number to hide their own identity. Either way, these fraudsters are leveraging spoof as the main method for their attacks, and any technologies that can detect these spoofing attempts real-time provide an added layer of much-needed security at the Contact Center level.

 

     So what can CISOs and Contact Center Leaders do in the wake of the WannaCry attack to ensure that all channels are adequately defended from bad actors?

     Security Leaders would be wise to conduct a thorough audit of Contact Center authentication and security protocols to ensure that vulnerabilities and weaknesses in the call flow are identified, isolated, and addressed in a timely fashion. Tools such as blacklists, voice biometrics, and anti-spoof technology are all strong safeguards to keep bad actors out, but they are used best in tandem as a layered solution to provide the highest possible level of Contact Center security.

 

Tim Prugar is Next Caller's Director of Customer Success. He can be reached at tim@nextcaller.com.

Offline Interactions Don't Exist: Wisdom from Dan Gingiss

By: Tim Prugar         

           Last week, I had the pleasure to sit in The Standard Club in Chicago, Illinois and listen to Dan Gingiss present to a room full of Customer Experience Executives regarding his philosophy on social customer service. With a single, calmly delivered thesis, Dan changed the tone of the room from interest and curiosity to stunned realization: there is no longer any such thing as an offline experience.

            This point is even more pertinent during the recent whirlwind of airline controversies. Whether it’s assaulted passengers, threatened parents, slapped cell phones, or retaliatory reservation cancellations, it’s clear that what happens on airplanes or in airports is not probably going to find its way on line, but is certainly going to do so. An endless spate of blog posts have been penned expounding upon the need for empathy and knowing the full situation before reacting (or in these cases, overreacting). However, when these PR nightmares explode online, brands typically have at least a few precious hours to huddle, fact-gather, game-plan, and ultimately craft an A/B tested response with more complete information.

            But what if you’re a Contact Center agent, and your “Customer Service Nightmare” is happening with you, on the phone, in real-time?

            The strongest agents have an ability to de-escalate, gather information, express empathy (or even sympathy!) and work rapidly towards a resolution. However, even agents possessing those incredible professional and social skills start the conversation from behind the proverbial 8-ball. So what can brands do to ensure that a contentious customer service phone call doesn’t become a viral social media debacle?

            It’s simple. Arm your agents with more information before they even pick up the phone.

            If I’m experiencing a CX nightmare, and the first thing I have to do is spell, respell, repeat, and re-respell my last name? I am certainly not going to de-escalate any time soon. If it takes upwards of 2 minutes to link my call to the item I’m calling about that was never delivered? Not helping the situation. If agents are able to acquire information as basic as the name and home address of the caller, or as advanced as the caller’s email address or social media profiles, they are immediately better equipped to skip the friction-filled portion of the call and get right down to collaborating with the caller to solve the issue.  

            There is no situation where more information or more context cannot better prepare the customer-facing brand representative to do their job more effectively.

            Keep yourself off of the internet for bad reasons and on it for good ones. Give your agents the information they need to handle every interaction, every time.

 

Tim Prugar is Next Caller's Director of Customer Success. He can be reached at tim@nextcaller.com.

Is Knowing the Marketing Source of Your Phone Calls Good Enough?

A simple answer to a complex question. 

A simple answer to a complex question. 

 

Knowing The Marketing Source Of Your Phone Calls Is Not Good Enough

Companies investing in lead generation Internet marketing frequently (and surprisingly) fail to track phone conversions, since Google Analytics and other backend website management platforms don’t support it.

But even companies that have set up phone tracking, to determine the marketing source of the phone conversion (SEO, PPC, etc.), are still missing a crucial piece of the puzzle: Lead validation.

Lead validation is the process of listening to recordings of phone conversations and reading website form submissions to separate sales leads from non-leads. As you’ll see in the presentation below, The Critical Importance of Lead Validation in Internet Marketing, validation makes all the difference in the world because about half of all conversions are NOT leads.

The culling of non-leads from campaign data and campaign testing has enormous implications on lead production and marketing ROI. Read the presentation now:

Aaron Wittersheim is an accomplished entrepreneur with more than 20 years of business and technology experience. He is a partner and COO at Straight North, a Chicago-based Internet marketing company.

Three Strategies for Call Center Optimization

Artist's rendering of Michael Cho dictating a blog post.

Artist's rendering of Michael Cho dictating a blog post.

Next Caller Philosopher-King Michael Cho was recently asked by Execs in the Know, a global network of customer experience professionals, to put together some thoughts for a guest blog post. You can read Michael's insight on optimizing the call center not only for excellent customer service, but also to increase revenue below:

Michael's Guest Post at Execs in the Know