Manage Learn to apply best practices and optimize your operations.

Spying eyes?

Taking a closer look at self-service technology.

Spying eyes?

Research shows it costs about $35 to service an inbound customer call and about $15 to respond to email inquiries. Enabling customers to browse for information lowers those costs to less than $1.

By Garry Kranz


Self-service technologies let customers browse Web sites for information on specific service questions: Does this product come in blue? Where is your nearest outlet? What is your return policy? Your customers save time and conveniently get basic questions answered -- often with little or no intervention from customer service representatives. Your company, therefore, reduces the cost of providing good customer service.

Frequently asked questions, or FAQs, are the most primitive form of self-help. More sophisticated tools include instant Web messaging, content pushing, browser sharing and voice over Internet technology. These self-service tools enable service reps to see all prior contact with the customer, eliminating the need for repeating account information.

Browser sharing, for instance, lets a service rep view your customers' online browsing habits in relation to their past interactions with the company. The service rep could anticipate the type of information customers are seeking and point them in the right direction.

To some, however, these cool technologies raise the specter of Big Brother and beg the question: How secure is your customers' information, anyway?

"The answer is 'not very,'" says security expert John Muir. "Many companies don't employ nearly the level of security they should, thus leaving some embarrassing holes. Unless they keep up with all the patches (for computer operating systems), their systems could be compromised."

Most companies ensure customer information is encrypted against fraud, identity theft and other unauthorized uses. Many Web sites use Secure Sockets Layer (SSL) technology, a commonly used protocol for providing security of messages transmitted via the Internet. Another security measure, known as a digital certificate, is used to verify a user's identity.

These measures provide some protection, but are not perfect. A digital certificate, for instance, indicates that "data is safe between two computers during a transaction. But it doesn't prevent that data from being vended somewhere else," or augmented with additional personal information gleaned from data mining, says Muir.

The biggest security threat is to "information at rest" in corporate data centers or databases, behind firewalls with varying degrees of security. "Self-service technology is an enabler of putting additional data at risk, but it's not terribly unique in its ability to do so," says Bob Lonadier, an analyst with Hurwitz Group in Framingham, Mass. "And there are solutions, namely things like public key infrastructure, that are rising to meet that need."

Brian McCauley is typical of many consumers. McCauley, an information-systems professional in Greenwich, Conn., likes the convenience and security of using Web self-help to manage his personal finances online. But when ecommerce sites ask for sensitive personal information, he draws the line. The reason for his reluctance, he says, has to do less with the security of technologies than with unpredictable human behavior. "What makes me uncomfortable is not the technology, but the human element," says McCauley. "If my personal information is sitting around in a database, anybody could have access to it. That's what makes me hesitant."

Information security is especially crucial in financial services and health care industries. Aside from federal laws regulating how information must be securely transmitted and stored, building security measures into customer-facing technology is sound policy. FundsXpress of Wilmington, Del., is a good example.

The company, which provides tools to help financial institutions offer online banking and other services, uses Bozeman, Mont.-based RightNow Technologies' secure customer self-service products. Michael Brooks, implementation manager, characterizes his company's security measures as "extreme," with Pretty Good Privacy (PGP) technology deployed "at a fairly stout level."

Another RightNow customer is DoubleTwist Inc. The Oakland, Calif. bioinformatics firm provides a highly secure online environment for pharmaceutical and research organizations developing new drugs. The information is accessible only by the user and a dedicated customer service representative, who has science training in bioinformatics. "Initially every one of our customers asks about security because of the nature of their information. This is a whole new frontier," says Su Liu, DoubleTwist's vice president of operations.

Security and cost

Research shows it costs about $35 to service an inbound customer call and about $15 to respond to email inquiries. Enabling customers to browse for information lowers those costs to less than $1.

Using self-service technology provided by Primus Knowledge Solutions Inc. of Seattle, Wash., has helped Hewlett-Packard allay customer fears and improve customer service, says Robert Schauble, director of IT services. Call volumes have remained flat while Web inquiries have nearly tripled. Two-thirds of each call was spent gathering information from a customer, with the remaining one-third devoted to problem resolution. "We've basically eliminated about two-thirds of the call because much of that information is harvested from the customer's computing device," says Schauble.

Be a Watchdog

Customers concerned about such "information harvesting" should be encouraged to request copies of companies' privacy policies. Many privacy statements are fairly standard and don't address removal of personal data once it's been provided. "The fear is that once that information is on a server, it's there forever," says Hunter.

Muir advises seeking written clarification on the information collected during an online visit. "Anytime your computer connects to another computer you have to wonder: Is the system scanning my machine? I haven't seen any overt disclosure statements about that."

Even the best-laid security plans are not impenetrable, however. Says Joel Tanner, product manager for Primus: "In the digital age, as long as somebody's trying to probe the wire to get unauthorized access to information, they're going to find a way to do it."

Questions to ask your self-help technology vendor:

  • What assurances do I have that our customers' data will be removed if I decide I no longer wish to do business with your company? Does your privacy/security policy stipulate that personal information about our customers won't be vended, transferred, or stored elsewhere? How will customers' personal information be disposed?
  • What policies and procedures do you have in place to prevent unauthorized users from accessing personal account information? What type of screening do you do to ensure company employees handling sensitive data don't have a criminal record?
  • Does your company implement independent system integrity audits to prevent fraud and misuse of your system and your customers' data? What voluntary standards has your company enacted that go above and beyond basic security precautions (such as full disclosure up front, written guarantees that no additional personal information about my customers will be gathered from other sources without their knowledge, etc.)
  • Does your company have an insurance policy in force to protect my clients' data from hacking and other risks?
  • Outline the aggressiveness of enforcement of your company's security/privacy policies. Be sure to let your customers know that strict security/privacy policies are being enforced with your self-help technology vendor.

Garry Kranz is an independent business and technology journalist based in Richmond, Va. Reach him at



  • To access a collection of useful links related to customer service and support, visit
  • has a variety of information related to customer service and support
  • also offers extensive information on ecommerce security.

Dig Deeper on Topics Archive

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.