AI in the Contact Center: What Can We Learn From AlphaGo?

   By: Tim Prugar

           The nearly infinite moves a player can make in a game of Go makes it the perfect playground for AI. When DeepMind’s AlphaGo took on Go Champion Lee Sedol, the world wondered whether the AI Lab had been able to create a better Go Player. The reality was much more shocking.

            Early in the series, it became clear that AlphaGo wasn’t AI that played Go better…it was AI that played Go differently. By making moves that defied traditional human convention (an excellent rundown can be found at Quartz) AlphaGo demonstrated how to play the thousand-year-old game differently. Even more surprisingly, its human opponent was able to adapt and elevate his own creativity in ways that even confused the AI player.

            AI is a hot topic in the world of Customer Service and a constant on “CX Trends for 2017” listicles. Thought leaders debate whether Chatbots raise the specter of jobs lost to automation, while others laud the potential of AI to answer time-consuming, “quick fix” questions. Customer Service Guru Shep Hyken argues that AI has the potential to serve as a real-time Intelligent Assistant for customer service representatives, leading to more positive impacts on the customer.

            However, most of these conversations address what AI can do, not what we can learn. In five brief games, AlphaGo showed the world that even in 2017 there can be new moves and approaches.

What might Contact Centers be able to learn if they viewed AI as a resource rather than a tool?

How might AI allow businesses to find and develop entirely new ways of approaching Customer Service?

            The next leap in customer service won't be achieved by businesses that shop for AI to solve an existing problem. That leap will be made by companies who lean into adopting AI to find new and unique solutions that people never knew existed.

 

Tim Prugar is the Director of Customer Success at Next Caller. He can be reached at tim@nextcaller.com. 

Should ISPs Prepare for "Hacktivism" in the Wake of Net Neutrality Vote?

     The internet erupted in a collective fury last week as the FCC voted to rollback net neutrality regulations. From the internet commons of Reddit to the New York Times Editorial Page, observers noted with concern, anxiety, or full-blown rage that the policy shift was a threat to the concept of a free and open internet. The popular wrath was directed at two main sources: FCC Chairman Ajit Pai and massive Internet Service Providers (ISPs) who potentially stand to gain from the deregulation. With ISPs squarely in the sights of the internet’s vengeful wrath, the rise of “hacktivism” should give ISPs significant pause about the security threats this policy change can bring to their organizations.

 

What is Hacktivism?

            A blend of hacking and activism, hacktivists leverage security breaches or other cyber attacks to advance a political or social cause. Rather than looking for money, Hacktivists are seeking to combat perceived injustices. Examples include an attack on the state of Michigan’s website in the wake of the Flint Water Crisis, the hacking of DNC Emails, and even the data breach at Ashley Madison.

 

Why Should Net Neutrality Make ISPs “Productively Paranoid”?

            First and foremost, there’s already been an alleged hacktivist attack as a result of the net neutrality vote. The FCC itself has claimed that it suffered multiple distributed denial-of-service (DDoS) attacks that they believe had the goal of shutting down the public commenting system in advance of the net neutrality vote. These tactics are becoming increasingly common as an expression of internet outrage, and ISPs don’t need to look much further than headlines to see the anger that these policy changes have caused:

Comcast and Verizon’s Sneaky Push to Kill Net Neutrality is Just Embarrassing

Comcast and other ISPs celebrate imminent death of net neutrality rules

Verizon Apparently Thinks You’re Stupid 

FCC Buried By Fake and Hate-Filled Comments on Net Neutrality

            To sum…many people are very unhappy.

 

 What Can You Do To Protect Yourself From Hacktivist Attacks?

            The most important thing to recognize is that attackers focus on vulnerabilities and weaknesses. Any plan to shore up security must identify and secure frequently-overlooked channels.

1.     The Phone

Whether it’s PBX, VOIP-based UC systems, or a consumer-facing call center, the phone channel is a prime target for bad actors. ISPs should be certain that PBX/UC systems have secure passwords and that systems are in place to detect suspected breaches. A hacked PBX can run up hundreds of thousands of dollars in long-distance calls in a single weekend, and would be a perfect way for hacktivists to make ISPs feel financial pain for the net neutrality shifts.

ISPs who operate consumer-facing call centers should employ technology that can detect instances of call spoofing or robodialing in real-time. Executing a Telephony Denial-of-Service (TDos) attack by flooding a call center with robocalls is an effective way to completely shut down a call center, like what happened at the Minnesota insurance exchange. ISPs want to be sure to have strong anti-spoofing technology in place to prevent account takeover protect their customers’ personal data in the event of an attack.

2.     Phishing Attacks

The human being is always the weakest link in the fraud chain. From Snapchat to the World Anti-Doping Agency to GoogleDocs, significant cyber threats can be facilitated by an employee clicking on a link or downloading and opening a file they shouldn’t. It is essential that ISPs exhibit a heightened sense of internal security, and ensure that all employees have received recent training on phishing attacks, social engineering practices, and basic email safety.

3.     Third Party Vendors

With the rise of interconnectivity and the Internet of Things, it’s no longer enough to worry about your own security protocols and practices – you must also be rock-solid certain as to the security credentials of your third party vendors. An air conditioning vendor contributed to Target’s data breach, and Lady Gaga’s album was leaked after a collaborator was hacked. How are you being certain that your vendor partners aren’t accidentally putting your business at risk?

TCPA in the Age of Trump : Kern v. VIP Travel Services

AP Photo/Charlie Neibergall

AP Photo/Charlie Neibergall

By: Tim Prugar

             For businesses that leverage telecommunications as a primary method for selling, whether through voice or SMS channels, the election of Donald Trump to the presidency signified a potential sea change in the way that the Telecommunications Consumer Protection Act (TCPA) would be viewed and enforced. On the one hand, Trump has spoken frequently and publicly about the need to grow American business and remove regulatory barriers that might inhibit that growth. On the other hand, Trump’s new Chairman of the FCC, Ajit Pai, has come out swinging in his vows to stop the “scourge” of robocalling, a major business tool of telemarketers. With these two seemingly competing views of how to approach telemarketing and other telecommunications-based sales outreach, what can businesses expect from TCPA interpretation over the course of the Trump presidency?

            One of the only ways to make accurate predictions is to monitor, analyze, and discuss TCPA cases that are taking place right now. 

 

            Kern v. VIP Travel Services

             Last week, a United States District Court in Michigan issued an opinion in a class action lawsuit against a series of hotels by consumers who had been marketed to on their cell phones. According to the consumers, third-party travel agents were leveraging autodialers to reach them on numbers that were registered with the Do Not Call (DNC) Registry. The consumers alleged that these agents were not only violating TCPA, but that they were doing so with the full blessing of the hotels, who they alleged had provided material assistance in the form of resources and marketing collaboration. The consumers also alleged that the hotel logos were clearly visible on the third-party agent web sites.

            Naturally, the hotels objected to these allegations, and stated emphatically that the third-party agents were acting of their own accord. The courts sided with the hotels, noting that the contracts between the hotels and the the third-party agents clearly established the agents as independent contractors and explicitly stated that all laws governing marketing, including TCPA, should be adhered to. The courts found no evidence that the hotels gave consent for their logos to be used on the web site.

            The theme at the center of this legal dispute is the concept of “vicarious liability.” Essentially, the consumers were alleging that the Hotels should be held responsible for the behavior of the third-party agents. In this case, the courts argued that in order to prove “vicarious liability” in a TCPA suit, the party making the allegations has to prove more than the “mere nexus” of the defendant and the caller. They have to provide solid evidence - which the courts believed the plaintiffs failed to do. 

            So what does this mean for businesses? First, these kinds of lawsuits still cost defendants in the form of time, stress, and legal fees. Second, businesses working in the telemarketing space (whatever form that must take) need to be aware of and tuned in to the business practices of any third-party vendors to whom they might outsource sales or marketing. Their actions can come back to haunt you. Third, make sure that you are checking the validity of a number before every single outbound dial – cross-referencing the DNC Registry, checking for changes in porting, and confirming line type.

            The future of TCPA enforcement is still uncertain, but being wary, informed, and compliant will never go out of style.

 

Tim Prugar is Next Caller's Director of Customer Success. He can be reached at tim@nextcaller.com.

3 Lessons Contact Center Leaders Can Learn From WannaCry

By: Tim Prugar

     The transnational WannaCry Ransomware Attack exploded across the internet early Friday Morning on May 12th, and it’s aftershocks are still being felt early this week as some machines in Asian Markets are being booted up for the first time after the weekend. For the curious, Nicole Perlroth over at the New York times provides an outstanding overview of the background events leading up to this cyber attack, but the basic facts are relatively simple. A hacker or team of hackers identified a vulnerability in the Server Message Block (SMB) Protcol in Microsoft Software, and put together a ransomware attack that spreads through a system’s file-sharing capabilities. The attack would immediately encrypt all of the system’s files, demanding a Bitcoin payment for the de-encryption and safe release of the pertinent documents. The attack, like many, was unleashed via a simple phishing ploy – an unsuspecting victim downloaded and opened a file they shouldn’t have that contained the malicious software. The rest was a nightmare for the cybersecurity community.

     While the WannaCry threat can reasonably be classified as “cyber terrorism”, and patches to protect machines from being infected have already been issued, Information Security Officers should use this incident as an opportunity to pull lessons about protecting all channels from attacks from bad actors. What can fraud experts, CISOs, and Call Center Leaders learn from the WannaCry attacks?

 

1. The Human is the Weakest Link In the Fraud Chain

The methods through which WannaCry spread and replicated may have been automated, but the door for access was opened by a human being. Basic social engineering is at the heart of many of these phishing, SMSishing, and vishing scams, and the phone is one of the most lucrative channels for manipulating a human being to a desired end. CISOs and Call Center Leaders should be investing heavily in training agents to identify and recognize common social engineering methods and tricks, and should consider exploring technologies that are able to identify calls real-time that have been spoofed or otherwise manipulated. There is a high correlation between ANI Spoofing and phone fraud attempts, so more information allows agents to “trust but verify” with more complete data.

 

2. The Cost of Attacks Go Beyond Money

     The big story of the WannaCry attacks isn’t the absolute value of the money extorted (some reports have it at less than $60,000), but the “collateral damage” losses of disruption to services, man hours lost, and even potential health implications. The WannaCry ransomware didn’t just infect computers in a vacuum – it infected computers at Universities, the British National Health System, train stations in Germany, and multi-national corporations based out of France and China. Similarly, when fraud teams do cold “dollars and cents” cost benefit analyses of fraud solutions for the Contact Center, they often look only at their absolute number of fraud losses, and compare that to the cost of the solution. CISOs and Contact Center Leaders should look at the problem holistically: How much time are we losing due to caller authentication? Can we quantify the damage being done to our brand due to fraud and data breaches? Are fraudsters leveraging information stolen at the contact center level to make larger, more costly fraud attacks elsewhere?

 

3. Hackers and Fraudsters Are Very, Very Good At Exploiting Vulnerabilities

     Some hackers and fraudsters are organized criminal enterprises; others are impish troublemakers. Either way, these people are experts at identifying weaknesses in security systems and exploiting them for their own gain. Just as the architects of the WannaCry attack masked their malicious software to get a foot in the door, so too do those looking to commit account takeover or identity theft through the Contact Center mask their phone number to minimize the likelihood of detection. By using ANI Spoofing, fraudsters look to mimic the phone number of an existing customer to bypass ANI-matching authentication procedures, or look to mimic a completely random phone number to hide their own identity. Either way, these fraudsters are leveraging spoof as the main method for their attacks, and any technologies that can detect these spoofing attempts real-time provide an added layer of much-needed security at the Contact Center level.

 

     So what can CISOs and Contact Center Leaders do in the wake of the WannaCry attack to ensure that all channels are adequately defended from bad actors?

     Security Leaders would be wise to conduct a thorough audit of Contact Center authentication and security protocols to ensure that vulnerabilities and weaknesses in the call flow are identified, isolated, and addressed in a timely fashion. Tools such as blacklists, voice biometrics, and anti-spoof technology are all strong safeguards to keep bad actors out, but they are used best in tandem as a layered solution to provide the highest possible level of Contact Center security.

 

Tim Prugar is Next Caller's Director of Customer Success. He can be reached at tim@nextcaller.com.

Offline Interactions Don't Exist: Wisdom from Dan Gingiss

By: Tim Prugar         

           Last week, I had the pleasure to sit in The Standard Club in Chicago, Illinois and listen to Dan Gingiss present to a room full of Customer Experience Executives regarding his philosophy on social customer service. With a single, calmly delivered thesis, Dan changed the tone of the room from interest and curiosity to stunned realization: there is no longer any such thing as an offline experience.

            This point is even more pertinent during the recent whirlwind of airline controversies. Whether it’s assaulted passengers, threatened parents, slapped cell phones, or retaliatory reservation cancellations, it’s clear that what happens on airplanes or in airports is not probably going to find its way on line, but is certainly going to do so. An endless spate of blog posts have been penned expounding upon the need for empathy and knowing the full situation before reacting (or in these cases, overreacting). However, when these PR nightmares explode online, brands typically have at least a few precious hours to huddle, fact-gather, game-plan, and ultimately craft an A/B tested response with more complete information.

            But what if you’re a Contact Center agent, and your “Customer Service Nightmare” is happening with you, on the phone, in real-time?

            The strongest agents have an ability to de-escalate, gather information, express empathy (or even sympathy!) and work rapidly towards a resolution. However, even agents possessing those incredible professional and social skills start the conversation from behind the proverbial 8-ball. So what can brands do to ensure that a contentious customer service phone call doesn’t become a viral social media debacle?

            It’s simple. Arm your agents with more information before they even pick up the phone.

            If I’m experiencing a CX nightmare, and the first thing I have to do is spell, respell, repeat, and re-respell my last name? I am certainly not going to de-escalate any time soon. If it takes upwards of 2 minutes to link my call to the item I’m calling about that was never delivered? Not helping the situation. If agents are able to acquire information as basic as the name and home address of the caller, or as advanced as the caller’s email address or social media profiles, they are immediately better equipped to skip the friction-filled portion of the call and get right down to collaborating with the caller to solve the issue.  

            There is no situation where more information or more context cannot better prepare the customer-facing brand representative to do their job more effectively.

            Keep yourself off of the internet for bad reasons and on it for good ones. Give your agents the information they need to handle every interaction, every time.

 

Tim Prugar is Next Caller's Director of Customer Success. He can be reached at tim@nextcaller.com.